Information Security (InfoSec) is the practice of protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
- In the context of Nepal, the growth of ICT (Information and Communication Technology), e-governance, banking systems, and digital services has increased the importance of robust security policies.
Nepal faces unique challenges such as limited resources, lack of awareness, inadequate legal frameworks, and increasing cybercrime incidents. To address these, governmental policies, laws, and institutional mechanisms have been developed.
Objectives of Information Security in Nepal
- Confidentiality – It ensures that sensitive information is only accessible to authorized individuals.
- Integrity – It safeguards data from unauthorized modification.
- Availability – It ensures that systems and information are accessible when needed.
- Accountability – It tracks and monitor user activities for security and transparency.
- National Security – It protects critical infrastructure, financial systems, and government data from cyber threats.
Key Information Security Policies in Nepal
Several policies and acts guide information security in Nepal:
- National Information Security Policy
- Cybersecurity Framework
- Electronic Transaction Act (ETA), 2008
- Cybercrime Laws
- Data Privacy and Protection
a. IT Policy of Nepal (2000, Revised 2010 & 2015)
- Encourages the development of ICT infrastructure.
- Promotes e-governance, e-commerce, and ICT-based education.
- Focuses on building secure digital systems to promote trust in technology.
b. Electronic Transaction Act (ETA), 2008
- Also known as Cyber Law of Nepal.
- Provides legal recognition of electronic transactions and digital signatures.
- Defines cybercrime offenses such as hacking, unauthorized access, computer fraud, identity theft, and publication of illegal content.
- Establishes penalties and legal frameworks for prosecution.
c. Electronic Transaction Rules, 2007
- Implements the provisions of ETA.
- Provides detailed rules for certifying authorities, digital signatures, and secure communications.
d. IT Policy, 2015
- Updated to align with Digital Nepal Framework.
- Emphasizes cybersecurity, ICT capacity building, data protection, and digital inclusion.
- Promotes public-private partnerships in ICT security.
e. Digital Nepal Framework (2019)
- National strategy to transform Nepal into a digital economy.
- Highlights cybersecurity as a critical enabler for sectors like education, health, agriculture, and finance.
- Stresses development of secure digital platforms for public services.
f. National Cyber Security Policy (Draft, 2021 onwards)
- Drafted to strengthen Nepal’s preparedness against rising cybercrime and cyberattacks.
- Focuses on:
- Establishing National Cyber Security Centre (NCSC).
- Promoting cyber awareness and education.
- Setting up incident response teams (CIRT/CSIRT).
- Encouraging international cooperation in cyber defense.
Major Information Security Challenges in Nepal
- Lack of awareness among citizens and businesses.
- Shortage of skilled cybersecurity professionals.
- Weak enforcement of laws and policies.
- Increased cyber threats like phishing, ransomware, hacking, and banking fraud.
- Limited infrastructure and budget for cybersecurity projects.
- Dependence on foreign IT services and outsourcing, creating vulnerabilities.
Measures for Strengthening Information Security in Nepal
- Awareness and Training – Nationwide campaigns to educate individuals and organizations.
- Capacity Building – Training cybersecurity professionals and ethical hackers.
- Legislation and Enforcement – Updating ETA and implementing data protection laws.
- Cyber Incident Response Teams (CIRT) – For quick response and recovery.
- Public-Private Partnerships – Collaboration with banks, telecoms, and IT companies.
- International Cooperation – Sharing cyber threat intelligence with neighboring countries and global organizations.
- Critical Infrastructure Protection – Special focus on power grids, telecom, banking, and government services.
