Compliance
RBI, SEBI CSCRF, CERT-In, ISO 27001, SOC 2 — Indian regulatory mapping.
Module 6 · RBI / SEBI / IRDAI Cyber Audit — Indian Regulator Patterns
Why this module exists. Indian regulated entities are audited by their sector regulator (RBI, SEBI, IRDAI, TRAI, etc.) on a different cadence…
AcademyModule 4 · SOC 2 Audit Preparation — Type I to Type II
Why this module exists. Most Indian SaaS companies aim for SOC 2 because their customers demand it. The discipline differs materially from…
AcademyModule 5 · Continuous Control Testing and Automation
Why this module exists. Manual quarterly access reviews break the moment the security team is busy with anything else. Continuous control testing…
AcademyModule 3 · ISO 27001 Internal Audit — Pre-Certification Readiness
Why this module exists. ISO 27001:2022 has 93 Annex A controls grouped into four themes. The internal audit verifies these are implemented…
AcademyModule 5 · Cyber Crime Investigation in India — Working with Cybercrime Cells
Why this module exists. Most cyber incidents an enterprise reports do not result in successful prosecution. Sometimes that is because the attacker…
AcademyModule 6 · Indian Evidence Act Section 65B — Electronic Evidence Admissibility
Why this module exists. The most-common reason cyber cases collapse in Indian courts is not investigation failure — it is evidence inadmissibility…
AcademyModule 3 · CERT-In 2022 Directions — The 6-Hour Reporting Reality
Why this module exists. Three years on, most Indian enterprises are still uncertain about which CERT-In Directions apply to them, what counts…
AcademyModule 4 · DPDP Cross-Border Data Transfer and the Negative List
Why this module exists. The cross-border-transfer regime under DPDP is materially different from what came before (the Section 43A regime under IT…
AcademyModule 2 · IT Act 2000 — Practitioner Section Reference
Why this module exists. Indian security practitioners are routinely asked “is this a Section 66 case or a Section 43A case?” or…
AcademyModule 6 · Risk Treatment — Mitigate, Transfer, Accept, Avoid
Why this module exists. A risk register that produces no closed risks is a registry, not a programme. The treatment lifecycle is…