Govt directs immediate security audit of all official websites
Govt directs immediate security audit of all official websites
Employees to be sensitized on fake WhatsApp messages
Step being taken to check menace of spamming, phishing
JAMMU, July 10 : In order to check menace of spamming and phishing, the Government of Union Territory of Jammu and Kashmir has issued directions for immediate security audit of all the official websites and sensitization of all the employees on fake WhatsApp messages. Moreover, it has been made clear that no digital service shall be started without security audit through the empanelled agencies.
As per the Information Technology Act, 2008, it is mandatory to have security audit of all the applications and web services to be eligible for hosting in the State Data Centre (SDC). Since constant changes are being done in the solutions deployed at the SDC, it is strongly recommended that post successful hosting of a website in the SDC, a periodic security audit, as per the required frequency, should be executed for the same.
The issue of security audit of all the official websites came up for discussion in recent meetings of Committee of Secretaries chaired by Chief Secretary Dr Arun Kumar Mehta and accordingly all the departments were directed to get this vital exercise conducted in consultation with the Information Technology Department, official sources told EXCELSIOR.
It is pertinent to mention here that a website security audit is a process that assesses website/ application for vulnerabilities and loopholes.
The audit scans websites and the server for the existing or potential weaknesses that hackers can exploit. “The purpose of this exercise is to proactively look for discrepancies in website’s architecture and eliminates them before hackers, with malicious intent, can notice it”, sources said.
“ The Information Technology Department is in the process of engaging some of the empanelled agencies for the task and hopefully the security audit of all the official websites will begin in next few months”, they said while disclosing that Government has already made it clear that in case of non-compliance of directions regarding security audit the hosting of services will be stopped at the State Data Centre.
Moreover, the Chief Secretary has directed all the departments to get the cyber security audit of their digital services conducted through the empanelled agencies, which shall be coordinated by the concerned Information Security Officer in consultation with the Information Technology Department.
“ The security audit of all the 207 digital services presently available to the public has already been conducted and from now onwards it shall be ensured that no such service is hosted without the security audit as any slackness in this regard may lead to some problems for the Government”, sources further said.
As the menace of spamming and phishing has started worrying the Government, the directions have been issued to the Information Technology Department to sensitize all the Government employees on fake WhatsApp messages besides exploring the use of other applications and official e-mails for official communications.
“ The Information Technology Department is already in the process of using M-Seva Application for sensitizing the Government employees by sending them SMSes”, sources said, adding “Spam is unsolicited email, instant messages, or social media messages.
These messages are fairly easy to spot and can be damaging if one opens or responds while as phishing is an email sent from an internet criminal disguised as an email from a legitimate and trustworthy source”.
It is worthwhile to mention here that beyond the annoyance and the time wasted sifting through unwanted messages, spam can cause significant harm by infecting users’ computers with malicious software capable of damaging systems and stealing personal information.
The goal of the phishing attacks is to steal sensitive data like credit card and login information, or to install malware on the victim’s machine. During the past few years the incidents of spamming and phishing have increased in the Union Territory of Jammu and Kashmir.(DailyExcelsior)