Cyber Security audit of different Ministries and Departments has revealed repetitive critical oversights and non-conformities, particularly connectivity of internal networks with the internet, ineffective password management policy, and credentials sharing.
The National Telecommunication and Information Security Board (NTISB) has issued a ‘Cyber Security Advisory – User Level Common Oversights’ while saying that cyber security audit of different Ministries/Departments has revealed repetitive critical oversights/non-conformities, particularly the following:
- Connectivity of internal networks with the internet.
- Ineffective password management policy.
- Credentials sharing.
- Device control mechanisms are observed.
ALSO READ
Recommendations
Following remedial measures to safeguard against falling prey to Cyber incidents are emphasized:
- All internal-network-based IT systems/user terminals (including official correspondence system) should not be connected to internet.
- Password policy be enforced on all systems. Minimum criteria should include 10x character length (at least 1x special and 1x upper case character).
- Passwords must not be saved in browsers nor written/pasted on desks. Clear desk/clear screen policy be ensured by all appointments.
- Sharing of credentials (user name/password) be strictly avoided.
- Separate USBs (after whitelisting) be used for official systems.
- Strict device-control policy, particularly on USBs be implemented.
- Forwarding of official e-mails to personal e-mail accounts be strictly avoided.
Govt employees who can hardly speak Urdu don’t even know what cyber security beast is. For them “conpooter” is an another planet thing. Better to replace the staff with good one.
Good
Good
Good