Question map
Not attempted Correct Incorrect Bookmarked
Loading…
Q85 (IAS/2017) Science & Technology › ICT, AI, Cybersecurity & Emerging Tech › Cybersecurity policy and regulation Official Key

In India, it is legally mandatory for which of the following to report on cyber security incidents ? 1. Service providers 2. Data centres 3. Body corporate Select the correct answer using the code given below :

Result
Your answer:  ·  Correct: D
Explanation

The correct answer is option D (1, 2 and 3) because service providers, intermediaries, data centers and body corporate shall report the cyber security incidents to CERT-In within a reasonable[1] time frame. This reporting requirement is established under the provisions of section 70B of Information Technology (IT) Act, 2000[2], which mandates CERT-In to handle response and reporting of cyber incidents[2].

All three entities mentioned in the question—service providers (statement 1), data centres (statement 2), and body corporate (statement 3)—are explicitly included in the list of entities that must mandatorily report cyber security incidents to CERT-In. Therefore, all three statements are correct, making option D the right answer.

This comprehensive reporting framework ensures that CERT-In, as India's national agency for cyber security, can effectively perform its function of collection, analysis and dissemination of information on cyber incidents[3].

Sources
  1. [1] https://naavi.org/importantlaws/itrules/jan4_2017_incident_report.pdf
  2. [2] https://www.cert-in.org.in/PDF/guidelinesgovtentities.pdf
  3. [3] https://prsindia.org/files/bills_acts/bills_parliament/2021/IT%20Act,%202000.pdf
How others answered
Each bar shows the % of students who chose that option. Green bar = correct answer, blue outline = your choice.
Community Performance
Out of everyone who attempted this question.
100%
got it right
PROVENANCE & STUDY PATTERN
Guest preview
Don’t just practise – reverse-engineer the question. This panel shows where this PYQ came from (books / web), how the examiner broke it into hidden statements, and which nearby micro-concepts you were supposed to learn from it. Treat it like an autopsy of the question: what might have triggered it, which exact lines in the book matter, and what linked ideas you should carry forward to future questions.
Q. In India, it is legally mandatory for which of the following to report on cyber security incidents ? 1. Service providers 2. Data centr…
At a glance
Origin: Mostly Current Affairs Fairness: Low / Borderline fairness Books / CA: 0/10 · 3.3/10
You're seeing a guest preview. The Verdict and first statement analysis are open. Login with Google to unlock all tabs.

This question bridges Current Affairs and Statutory Law. While standard books cover the IT Act broadly, the specific 'mandatory reporting' list comes from the 2013 CERT-In Rules, highlighted by 2017-era cyber threats (WannaCry). If a sector (Cyber Security) is in the news, you must know the *obligations* of private players, not just government bodies.

How this question is built

This question can be broken into the following sub-statements. Tap a statement sentence to jump into its detailed analysis.

Statement 1
As of 2017, are service providers in India legally required to report cyber security incidents?
Origin: Web / Current Affairs Fairness: CA heavy Web-answerable

Web source
Presence: 5/5
"Service providers, intermediaries, data centers and body corporate shall report the cyber security incidents to CERT-In within a reasonable ..."
Why this source?
  • Explicitly states the duty of service providers and similar entities to report incidents to CERT-In.
  • The phrasing 'shall report' indicates a legal/mandatory obligation rather than a recommendation.
Web source
Presence: 4/5
"and cyber security incidents in terms of the provisions of section 70B of Information Technology (IT) Act, 2000 (IT Act, 2000) ... issue guidelines, advisories, vulnerability notes and whitepapers relating to information security practices, procedures, prevention, response and reporting of cyber incidents;"
Why this source?
  • Links reporting of cyber security incidents to the statutory provisions of section 70B of the IT Act, 2000, establishing CERT-In's legal role.
  • Describes CERT-In functions including 'collection, analysis and dissemination of information on cyber incidents' and 'reporting of cyber incidents', supporting a legal reporting framework.

Geography of India ,Majid Husain, (McGrawHill 9th ed.) > Chapter 12: Transport, Communications and Trade > Internet > p. 43
Strength: 4/5
“As on December 31, 2006, there are 400 licenses for provision of Internet Services out of which 128 have signed Licenses for Provisions of Internet Services (including Internet Telephony). Based on reports received from Internet Service Providers till March 2006, there are approximately 12.00 million Internet subscribers in India (India 2010).”
Why relevant

Describes a licensing regime for Internet Service Providers (400 licences, 128 signed) indicating an existing regulatory framework governing ISPs.

How to extend

A student could check typical ISP licence conditions (reporting/notification clauses) or compare licence-era regulations around 2017 to see if incident-reporting was mandated.

Geography of India ,Majid Husain, (McGrawHill 9th ed.) > Chapter 17: Contemporary Issues > Cyber Crime > p. 93
Strength: 3/5
“15,000 police stations and 6000 higher offices of the police are connected in the country.• (v) Bengaluru city (Silicon Valley) recorded the most number of cyber cases in 2018 with 5035 FIRs. Delhi registered 84 cases as in 2017. Other metro cities with high record of cybercrime cases are Hyderabad, Kolkata and Chennai. The increasing use of laptops and mobile phones have caused a negative impact on the youth. The cyber crimes against the children and the women account for about 30%.• (vi) Technology evolution and innovations make it challenging to detect the cyber crimes. CAA”
Why relevant

Reports high counts of cybercrime cases (city-level FIRs) and notes technology makes detection challenging, implying government and police engagement with cyber incidents.

How to extend

One could infer that high incident levels might motivate legal obligations for providers; verify by looking up 2017 policies or advisories from law enforcement/Ministry of Home Affairs on mandatory reporting.

Indian Economy, Nitin Singhania .(ed 2nd 2021-22) > Chapter 5: Indian Tax Structure and Public Finance > GOOGLE TAX OR EQUALISATION LEVY > p. 89
Strength: 3/5
“• This direct tax is applicable on payment exceeding ₹1 lakh during a financial year.• It is withheld by recipient Indian companies at the time of payment to service providers (non-resident companies) for digital service rendered.• Non-resident service providers cannot claim tax credit against it in their home country under the Double Taxation Avoidance Agreements.• From 2016-17 to 2018-19, the Central Government has earned just ₹1800 crore from equalisation levy”
Why relevant

Shows the government imposed specific rules on digital service providers (equalisation levy withheld by Indian companies), demonstrating precedent for targeted regulation of service providers.

How to extend

Use this as a pattern that India enacted service-specific regulatory duties; search for contemporaneous cyber/security-specific rules applying analogous obligations (e.g., reporting) to service providers in 2017.

Indian Economy, Nitin Singhania .(ed 2nd 2021-22) > Chapter 7: Money and Banking > CRYPTOCURRENCIES > p. 160
Strength: 2/5
“In April 2018, RBI banned the trading of virtual currencies or cryptocurrencies in India. However, in 2020, the Supreme Court (SC) lifted the ban on cryptocurrencies which was imposed by the RBI. The SC held that the complete ban on trading was excessive. There is no such Act enacted yet to regulate cryptocurrencies in India.”
Why relevant

States absence of an enacted Act to regulate cryptocurrencies even after major regulatory steps, illustrating that in some digital domains India lacked formal legislation as of the dates referenced.

How to extend

As a cautionary counter-pattern, a student could use this to argue that absence of an Act in one tech area means specific legal obligations (like mandatory incident reporting) are not automatic—so they should look for explicit rules or advisories from 2017.

Statement analysis

This statement analysis shows book citations, web sources and indirect clues. The first statement (S1) is open for preview.

Login with Google to unlock all statements.

Statement analysis

This statement analysis shows book citations, web sources and indirect clues. The first statement (S1) is open for preview.

Login with Google to unlock all statements.

How to study

This tab shows concrete study steps: what to underline in books, how to map current affairs, and how to prepare for similar questions.

Login with Google to unlock study guidance.

Micro-concepts

Discover the small, exam-centric ideas hidden in this question and where they appear in your books and notes.

Login with Google to unlock micro-concepts.

The Vault

Access hidden traps, elimination shortcuts, and Mains connections that give you an edge on every question.

Login with Google to unlock The Vault.

✓ Thank you! We'll review this.

SIMILAR QUESTIONS

CAPF · 2022 · Q95 Relevance score: 4.20

Consider the following statements with reference to the latest guidelines issued by the Indian Computer Emergency Response Team (CERT-In): 1. Data centres and service providers shall compulsorily report cyber security breaches within 24 hours. 2. Virtual Private Network providers shall retain user data for at least five years and share records with authorities when required. Which of the statements given above is/are correct?

IAS · 2020 · Q50 Relevance score: -0.81

In India, under cyber insurance for individuals, which of the following benefits are generally covered, in addition to payment for the loss of funds and other benefits ? 1. Cost of restoration of the computer system in case of malware disrupting access to one's computer 2. Cost of a new computer if some miscreant wilfully damages it, if proved so 3. Cost of hiring a specialized consultant to minimize the loss in case of cyber extortion 4. Cost of defence in the Court of Law if any third party files a suit Select the correct answer using the code given below :

IAS · 2020 · Q99 Relevance score: -3.40

In India, Legal Services Authorities provide free legal services to which of the following type of citizens ? 1. Person with an annual income of less than ₹ 1,00,000 2. Transgender with an annual income of less than ₹ 2,00,000 3. Member of Other Backward Classes (OBC) with an annual income of less than ₹ 3,00,000 4. All Senior Citizens Select the correct answer using the code given below :

CDS-II · 2016 · Q96 Relevance score: -3.82

Under Article 352 of the Constitution of India, an emergency can be declared if security of any part of India is threatened by 1. war 2. external aggression 3. armed rebellion 4. internal disturbance Select the correct answer using the code given below.

IAS · 2020 · Q91 Relevance score: -4.05

Consider the following statements : 1. Aadhaar metadata cannot be stored for more than three months. 2. State cannot enter into any contract with private corporations for sharing of Aadhaar data. 3. Aadhaar is mandatory for obtaining insurance products. 4. Aadhaar is mandatory for getting benefits funded out of the Consolidated Fund of India. Which of the statements given above is/are correct ?