Cyber Secure India (CSI)Cyber Secure Nation by 2030

1. Security commitment

Cyber Secure India (CSI) promotes lawful, ethical and responsible cyber security practice. The website is a static public-information and enquiry platform. We aim to keep it simple, fast and limited in data collection so that its security footprint remains manageable.

2. Responsible disclosure

If you believe you have found a security issue in this website, form handling or Cyber Secure India (CSI) communications, email abhijit@cybersecureindia.org. Include the affected URL, steps to reproduce, expected impact, screenshots if useful and your contact details. Do not publicly disclose the issue before we have had a reasonable opportunity to review it.

3. Prohibited testing

Do not perform denial-of-service testing, social engineering, spam submission, credential attacks, destructive testing, automated high-volume scanning, data extraction or attempts to access systems without written authorisation. Security research must not compromise confidentiality, integrity or availability.

4. CyberCoffee boundaries

CyberCoffee is a practical security conversation and lightweight readiness review. It is not a substitute for a full penetration test, compliance audit, forensic investigation, legal opinion or certification unless a separate written scope is agreed. Any technical testing must be authorised, time-bound and limited to assets approved by the organisation.

5. Training ethics

Cyber Secure India (CSI) teaches offensive techniques only to build awareness, defensive skill and responsible judgement. Demonstrations are conducted in controlled environments such as labs, CTFs or intentionally vulnerable systems. Participants must not use workshop knowledge against real systems without permission.

6. Scope of authorised testing

Any authorised security activity must have a written scope that identifies the systems, dates, methods, contacts and exclusions. If a system is not listed in scope, it must be treated as out of scope. Testing should stop immediately if it risks service disruption, data exposure, privacy harm or impact to third parties.

7. Vulnerability handling

Reports should be factual and reproducible. A good report includes a summary, affected asset, impact, reproduction steps, screenshots or logs where appropriate, and a suggested remediation path. Do not include unnecessary personal data, secrets, downloaded databases or exploit code beyond what is needed to prove the issue safely.

8. Citizen safety note

If you are facing active financial cyber fraud in India, report immediately through the National Cyber Crime Portal or helpline 1930. Cyber Secure India (CSI) is not an emergency law-enforcement service and cannot freeze transactions or investigate crimes on behalf of authorities.

9. Sensitive information

Do not send passwords, OTPs, private keys, production credentials, payment card details, Aadhaar copies or confidential vulnerability details through public forms. Use email first to establish an appropriate channel and scope.

10. No bounty commitment

Unless a separate written program is announced, Cyber Secure India (CSI) does not operate a public bug bounty program and does not promise payment, swag, public recognition or engagement for unsolicited testing. Responsible reports are still appreciated and will be reviewed in good faith.

11. Contact

Security concerns can be sent to abhijit@cybersecureindia.org.