Union of India - Section

Section 2 in The Information Technology (Information Security Practices and Procedures for Protected System) Rules, 2018

2. Definitions.

(1) In these rules, unless the context otherwise requires -
(a) "Act" means the Information Technology Act, 2000 (21 of 2000);
(b) "Chief Information Security Officer" means the designated employee of Senior management, directly reporting to Managing Director/Chief Executive Officer/Secretary of the organisation, having knowledge of information security and related issues, responsible for cyber security efforts and initiatives including planning, developing, maintaining, reviewing and implementation of Information Security Policies;
(c) "Critical Information Infrastructure" means Critical Information Infrastructure as referred to in explanation of sub-section (1) of section 70 of the Act;
(d) "Cyber Crisis Management Plan" outlines a framework for dealing with cyber related incidents for a coordinated, multi-disciplinary and broad-based approach for rapid identification, information exchange, swift response and remedial actions to mitigate and recover from malicious cyber related incidents impacting critical processes;
(e) "Cyber Incident" means any real or suspected adverse event that is likely to cause or causes an offence or contravention, harm to critical functions and services across the public and private sectors by impairing the confidentiality, integrity, or availability of electronic information, systems, services or networks resulting in unauthorised access, denial of service or disruption, unauthorised use of a computer resource, changes to data or information without authorisation; or threatens public health or safety, undermines public confidence, have a negative effect on the national economy, or diminishes the security posture of the nation;
(f) "Information Security Management System" means a set of policies, processes and procedures to establish, implement, operate, monitor, review, maintain and continually improve information security and minimize the risks by developing, maintaining, implementing and reviewing the adequate and appropriate security controls;
(g) "Information Security Steering Committee" means the committee comprising higher management officials of the organisation, responsible for continuously improving and strengthening the cyber security posture of the Protected System and also plan, develop, review remedial actions to mitigate and recover from malicious cyber incidents;
(h) "IT Security Service Level Agreements" means the legally recognised Service Level Agreements between the service providers and officials related to the "Protected System" for securing information related to "Protected System";
(i) "National Critical Information Infrastructure Protection Centre" means the agency established under sub-section (1) of section 70A of the Act;
(j) "Organisation" means -
(i) Ministries or Departments of the Government of India, State Governments and Union territories;
(ii) any agency of the Central Government, State Governments and Union territories;
(iii) any other entity having a 'Protected System'.
(k) "Protected System" means any computer, computer system or computer network of any organisation as notified under section 70 of the Act, in the official gazette by appropriate Government.
(l) "Service Provider" means any authorised individual(s), Government organisation, Public Sector Units (PSU), private agency, private company, partnership firm or any other body or agency providing services for the smooth and continuous functioning of the 'Protected System'.
(2) All other words and expressions used and not defined in these rules but defined in the Act shall have the meanings respectively assigned to them in the Act.