Express Computer
Home  »  Exclusives  »  Organisations Need To Have a Comprehensive Cybersecurity Policy: Antriksh Johri, Director-IT, CBSE

Organisations Need To Have a Comprehensive Cybersecurity Policy: Antriksh Johri, Director-IT, CBSE

0 345

The Central Board of Secondary Education (CBSE), a national education board with schools present across India and 26 foreign countries, has pioneered multiple digital transformation initiatives to bring ease of doing business and ease of living for its primary stakeholders including students, parents, teachers, school administration, and its own employees. Antriksh Johri, Director (IT and Projects), CISO and CDO, CBSE opened up on the board’s innovative initiatives to spur digitalisation and adopt new-gen technologies to match the global pace of growth.

How are you leveraging cutting-edge technologies like AI, ML, automation, and blockchain to transform operations at CBSE?

We have strengthened our affiliation system – SARAS by incorporating the capabilities of Artificial Intelligence (AI) and Machine Learning (ML). The documents submitted by the schools for the affiliation process undergo checks by AI and ML tools for the validity of documents and inconsistencies in the information submitted.

CBSE has also created an Academic Blockchain Document repository that utilises blockchain to store various kinds of academic documents. In technical collaboration with the Centre of Excellence for Blockchain Technology of National Informatics Centre under the Ministry of Electronics and Information Technology (MeitY), Government of India, we have developed and implemented a solution using blockchain named “Academic {Blockchain} Documents (ABCD)”. Blockchain ensures that academic documents are recorded in a secure and tamper-proof manner. These academic documents can be accessed online in a trusted and verifiable manner.

Data analytics is yet another tool that CBSE uses to unlock insights from data to drive informed decision-making, optimise processes by extracting valuable insights and patterns from large and complex data sets. Also, we harness its power in analysing the student registration data, examination data, training portal data, etc. For example, with the help of almost real-time analysis of examination evaluation, we are able to predict the number of teachers required per evaluation centre per subject to get all of the copies evaluated within the targeted timeframe. Moreover, we are able to monitor the scoring pattern. Another example could be from training data analytics where we are able to pre-determine the training requirements for teachers across geography and plan our training sessions accordingly in advance. Other than these, Data Forensics is used at CBSE to ensure fairness in our administered examinations.

There have hardly been any cases of question paper leaks regarding CBSE board examinations. What steps has CBSE implemented to ensure such a high level of security? Has adopting the digital approach played a major role?

With the help of advanced IT capabilities, we have taken strict measures to strengthen our examination system and protect it from any kind of external intervention. We have created an end-to-end monitoring and vigilance system fully governed and supported by IT applications to restrict any unwanted access.

CBSE has developed and implemented apps for effective material tracking, monitoring, and electronic surveillance of confidential material. Various apps have been developed for electronic surveillance, tracking, and monitoring of highly confidential and sensitive materials for exam functionaries. These apps ensure a real-time, geo-tagged, and tamper-proof image collection of the person and confidential material uploaded on the cloud for cross-examination.

The app ensures 4Rs – Right  person, Right location, Right timeline, Right disclosure

We have also developed OEQPD (Online Encrypted Question Paper Delivery System). It is a system for just-in-time encryption, dissemination, decryption of encrypted, and printing of question papers for instant and secure delivery of question papers to prevent any possible chance of malpractices. This leads to just-in-time availability of question papers, saves logistic expenditure, and reduces carbon footprint.

In your opinion, do you think CBSE can pose a case study for other Indian and global education boards in terms of digital adoption?

Definitely. Although it is an uphill task yet, CBSE has gradually developed multiple digital systems towards the creation of a comprehensive and digitally-transformed ecosystem for all of its domains. To highlight a few of our multiple digital adoptions that may pose themselves as case studies for both Indian and global education boards, we can talk about:

Parinam Manjusha: An online repository of CBSE result data, developed and implemented by CBSE in collaboration with the National e-Governance Division (NeGD) and provides us digitally signed, QR coded, and tamper-proof digital academic documents immediately after the declaration of results.

Result data of Class X & XII examinees of the last 23 years i.e., 2000-2022, and CTET data for the last five years i.e., 2018-2022 is available for download by students and verification by employers and higher education institutions. There is no need for duplicate document requisition anymore (due to loss, damage of documents) as students can always access their documents through DigiLocker which is integrated with the academic repository. Further, digitisation of legacy data from 1975 onwards is under progress which will make the repository the largest in the world.

The repository also enables data sharing through APIs which enables higher education institutions, Government employers, counseling bodies, and government bodies providing scholarships access/ verify the result data. To facilitate students studying abroad or going for employment, this repository has been integrated with e-SANAD of the Ministry of External Affairs (MEA) for e-apostle of their academic documents. During Covid, a special provision of ‘Face Matching Technology’ was made for foreign students to access their digital academic documents.

Therefore, Parinam Manjusha has helped in alleviating a lot of pain points for education stakeholders including students, higher education institutes, employers, and government bodies.

SARAS: School Affiliation Re-engineered Automation System. The CBSE has developed and implemented an integrated affiliation system in the name of SARAS which follows the National Education Policy (NEP) 2020 guideline of ‘light but tight’ regulatory framework to ensure integrity, transparency, and resource efficiency of the educational system through audit and public disclosure while encouraging innovation and out-of-the-box ideas through autonomy, good governance, and empowerment.

The affiliation process at CBSE has thus now become an end-to-end digitised system that captures and utilises GIS data, integrated payment system, automatic inspection/ review committee allocation, and more.

Some of the major impacts that this system has brought in are as follows: Documents and compliance issues were significantly reduced. The average time for processing has been significantly reduced from six months to approximately less than a month. The delay in payment of the inspection/review committee has been almost eliminated.

Pariksha Sangam: Pariksha Sangam is a comprehensive digital platform for all examination-related resources and digital solutions for all major activities pertaining to all major stakeholders including schools, Regional Offices (ROs) of CBSE, and the Head Office. It is an integrated examination system that encompasses all the tools and applications to be utilised by stakeholders at different stages of the entire examination process. It has three sections namely Ganga (for Schools), Yamuna (for ROs), and Saraswati (for HO). These three sections may be looked upon as gateways for their respective stakeholders to all of the exam-related materials, resources, and portals.

Integrating all these applications at the backend and bringing all these access points under one place for users has helped in enhancing transparency and eliminating the confusion and chaos of searching for resources from multiple points.

Prasikshan Triveni: We have recently developed and launched a new portal, ‘Prashikshan Triveni’ – a one-stop portal for all training activities for CBSE teachers. The portal provides an integrated platform for training reference material, registration of teachers and resource persons for training, communication (HARKARA), and payments systems (IPS) among others. This integrated training system caters to the need of all stakeholders such as Principles/ Teachers, Centres of Excellence (CoEs), and Training Directorate.

Prashikshan Triveni has three sections named ‘Bhagirathi’ for Principals/ Teachers, ‘Kalindi’ for Centres of Excellence, and ‘Sharda’ for the Training Directorate such that these act as one point source for all. Bringing all these useful access points in one portal has helped in enhancing efficiencies of the training department. The data analytics available via MIS is a major contributor in proactively planning the training calendar, eliminating redundant training programmes, and focusing on the most important outcomes.

IPS: Integrated Payment System (IPS) is a single system developed and implemented by CBSE to bring all kinds of payment activities under one platform. It has substantially reduced payment delays for multiple proceedings such as examinations, inspections for affiliation, etc. More than a million faculty members including principals and teachers deputed for various exam duties, training, and affiliation activities are being benefitted by this system. It ensures direct bank transfer (DBT) to the beneficiary’s account. The system has built-in checks/ validations and generates alerts for non-successful payments.

With more digital interventions the need for a robust cybersecurity framework also increases. As per you how significant is cybersecurity in the education sector and what are the endpoints that are most vulnerable to cyber-attacks?

Cybersecurity is of utmost significance in the education sector as educational institutions today rely heavily on technology to store and process sensitive data, including student information, examination results data, and financial records. With the increasing use of digital devices and online platforms in education, the risks associated with cyber threats have become more prevalent.

Considering the entire education sector, endpoints that are most vulnerable to cyber-attacks include:

Web applications such as student registration system, online assessment systems, virtual classrooms, etc.
Communication systems with students and parents such as emails and messages.
Student information systems such as examination data, results data, academic documents storage, and more.

How do you ensure that your employees do not pose a vulnerability to cyber-attacks?

Ensuring that employees do not pose a vulnerability to cyber-attacks is crucial for maintaining the security of our organisation. There are several steps that have been taken to achieve this. Firstly, employee training and awareness programs have been conducted to regularly educate employees about the importance of cybersecurity and how to identify potential cyber threats. Regular training sessions and updates help ensure that employees are equipped with the necessary knowledge and skills to identify and avoid cyber attacks. Additionally, security audits are conducted by a team of specialised professionals with the necessary skillsets to identify potential vulnerabilities and ensure that all necessary security measures are in place.

We have also developed a Cyber Crisis Management Plan (CCMP). Within the office premise, no external drive access is allowed in the systems as USB access is prohibited. Remote access to systems is allowed only via a secure VPN. Creating a culture of cybersecurity awareness and responsibility has been another effective way to ensure that all employees take their role in maintaining the organisation’s security seriously.

What strategies and technologies CBSE is leveraging to safeguard its systems, networks, and data?

The Central Board of Secondary Education employs a range of strategies and technologies to safeguard its systems, networks, and data. These measures are designed to protect against potential cyber threats and ensure the security and confidentiality of CBSE’s information assets. We perform regular security audits with the help of specialised professionals. Other than internal audits, we also get all of our systems audited by CERT-In empanelled agencies to ensure maximum scrutiny and complete elimination of any possibility of vulnerability. In addition, the CBSE maintains all its data in a secured and encrypted form. The firewalls and anti-virus are installed in each and every system and the entire network and it is upgraded at frequent intervals to handle and eradicate any new threats as well. Employees are regularly trained against any possible malpractices. CBSE also takes care of the sensitisation of all of the stakeholders including students, teachers, and principals against possible cyber threats.

Kindly shed light on a few best practices for education boards and institutions to innovate with the best of their capacities while ensuring cybersecurity?

Some best practices that education boards and institutions should follow to innovate while ensuring robust cybersecurity measures should start with, the development and implementation of a comprehensive cybersecurity policy that encompasses guidelines, procedures, and best practices for safeguarding systems, networks, and data. This policy should be regularly reviewed and updated to address emerging threats and technologies.

Other than this, organisations should continuously encourage employees to train and educate themselves towards design thinking and brainstorming while getting trained in the identification of possible vulnerabilities and threats.

Boards and institutions must regularly update their systems by infusing new and upcoming advanced technologies via re-engineering processes but at the same time keep the security measures top-notch and upgraded for quick elimination of any kind of threats by getting periodic security audits.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
Enable A Truly Seamless & Secure Workplace.
Register Now
Attend Inida's Largest BFSI Technology Conclave!
Register Now
Know how to protect your company in digital era.
Register Now
Protect Your Critical Assets From Well-Organized Hackers
Register Now
Find Solutions to Maintain Productivity
Register Now
Live Webinar : Improve customer experience with Voice Bots
Register Now
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
Virtual Conference : Learn to Automate complex Business Processes
Register Now