(Technewonline) Environment using pirated software, lack of maintenance on IT investment and not closely Achille's heel of Asian governments in network security problems.
Although the Government is increasing resources and IT budgets on security issues of network security, but still plenty of spots open and the loose in IT governance methods, using and policies - the main factors causing network attacks towards government networks.
Exposure data from the ...
Recent independent report of TRPC, entitled "Data of risk: The risk to the government website" reflects the Government of the countries of the Asia - Pacific region is now looking for methods implementing a strategic IT solutions to improve performance, data management services and establish a network connection environment, the main objective of network threats. Hazards from risk network is currently leading the government data, national security, the necessary infrastructure and international diplomatic issues.
Commissioned from Microsoft, report an assessment of trends across the entire IT infrastructure and systems of government sector, the IT-related investments, types of data ownership and data stored by the Government, the threat from the network towards the Government.
The objective of the study is to provide a roadmap strategy strong network security, reliability and stability for leaders and senior policy experts from government. TRPC report also indicates that IT investments are not strictly control the causes and open to malicious acts of cyber attacks from the original system.
The procurement of IT infrastructure, administration and IT support, maintenance services online and website to bring more harm to security, because at this stage of network security and vulnerability overlooked, such as the use of the software is not valid or does not have a license, purchase solutions from the supplier problems, and use of the software is out of date, as reported by TRPC.
... And "weak grave" self-defense
Share this regard, Mr. Keshav Dhakad, Regional Director, Division management issues online Crime and Intellectual Property, Microsoft Asia - Pacific stressed: "A comprehensive approach Network security must be implemented if a country is considered to be ready online: since the establishment of the team, "the emergency response to the problem of computer engineering" (CERTS) with high expertise and flexibility, training to serve the people, especially the civil servants do not specialize in IT and staff across the board, further protecting the purchasing process and bidding, to use reliable technology in the defense and response to cyber security attacks, is the main point of building an ecosystem of more secure. "
In addition, a global survey conducted by ISACA firm shows, most security professionals have never handled the constant attacks of advanced (Advanced Persistent Threat -APT) - a network attack Crime will take control and is located on the system without being detected for a long time, usually aimed at stealing data.
Research from ISACA shows that only 21.6% of respondents are met APT attacks. This indicates a risk that the user is not aware of the dangers APT to have adequate defenses. According to the report, 81.8% had not been home to provide updated protections against APT, while 67.3% of respondents did not have any knowledge of APT for their personnel.
So what is the solution?
A strategic network security firm is a comprehensive strategy, handling the full range of different classes attacks, including defense, response and can relieve the risk. Effective roadmap to build a solid strategy experts are proposed as follows:
Increased awareness and knowledge levels for the community, by educating business owners, students and government organizations are required to use the software update and copyrighted, safe surfing more, and the prevention of malicious code through the anti-virus solutions. On the other hand, officials of government IT procurement, contractors and agents units should adhere to strict, rigorous and tested standards of security and safety for the public as well as data security the country.
Ensure availability by creating an organization responsible for linking and coordinating the work of network security and preventive measures against attacks aimed at government institutions. Set up an emergency response team of technical computer problems (CERTS) or participate in a network of trusted CERT members to share knowledge and practice how to deal with the attacks or collect add other confidential information.
Prevents attacks by building and maintaining a proprietary line of IT infrastructure and security, through the implementation of the procurement process and maintaining strong IT. Develop, install and require the use of standard network security with IT providers for every segment of public administration, especially the sensitive national projects and critical infrastructure.
Feedback effective legal instruments in domestic, regional and international issues to deal with after a cyber attack. Development of best practice recommendations and targets under standardized time frame using a software upgrade in the public sector.
Minimize the damage by forming groups "Forensic network" in the region. This group can coordinate with CERT, private enterprise and the police to investigate the security breach and prevent losses. Building or attend a networking security or international organizations or government for more information, or complementary goals of the alliance or other confidential information.
Follow Microsoft
0 Comments