A cyber security audit of different Ministries and Departments has revealed repetitive critical oversights and non-conformities, particularly connectivity of internal networks with the internet, ineffective password management policy, and credentials sharing.
The National Telecommunication and Information Security Board (NTISB) has issued a ‘Cyber Security Advisory – User Level Common Oversights’, stating that a cyber security audit of different Ministries/Departments has revealed repetitive critical oversights/non-conformities, particularly the following:
- Connectivity of internal networks with the internet.
- Ineffective password management policy.
- Credentials sharing.
- Device control mechanisms are observed.
Recommendations
The following remedial measures to safeguard against falling prey to cyber incidents are emphasized:
- All internal-network-based IT systems/user terminals (including the official correspondence system) should not be connected to the internet.
- Password policy be enforced on all systems. Minimum criteria should include 10x character length (at least 1x special and 1x upper case character).
- Passwords must not be saved in browsers nor written/pasted on desks. Clear desk/clear screen policy be ensured by all appointments.
- Sharing of credentials (user name/password) be strictly avoided.
- Separate USBs (after whitelisting) be used for official systems.
- Strict device-control policy, particularly on USBs be implemented.
- Forwarding of official e-mails to personal e-mail accounts be strictly avoided.
Govt employees who can hardly speak Urdu don’t even know what the cyber security beast is. For them “conpooter” is an other-planet thing. Better to replace the staff with a good one.
Good
Good
Good