When governments, business and the citizens are migrating from physical world to “e” world to meet their requirements and achieve objectives through electronic channels, cyber security becomes one of the most important and complex topic for all stakeholders.
Cyber security is not limited to emails, social media, websites and web based applications but also to the network security and operating systems.
The hacking of social media accounts, websites and web applications has been on the rise globally during the past few years. Sri Lanka is no exception, and has been a victim of a number of politically motivated cyber attacks in the past few years.
Being the apex body for ICT in Sri Lanka, ICTA recognized that cyber security is a specialized field, and set up a subsidiary called Sri Lanka Computer Emergency Readiness Team| Coordinating Centre (Sri Lanka CERT|CC) www.slcert.gov.lk to meet the information security needs of the nation. Sri Lanka CERT|CC provides advisory and technical assistance to all types of stakeholders.
Sri Lanka CERT|CC provides advisory and technical assistance to all types of stakeholders.
- Business Establishments
- Government Organizations
- If your government organization has a website or web/mobile based applications, you should immediately contact Sri Lanka CERT|CC and request them to carry out an Information Security (IS) Audit. IS audits on your IT systems should be carried out every 6 months, at the very minimum.
- Sri Lanka CERT|CC conducted a web security workshop/seminar for government CIOs on 2013-03-20. This workshop gave a clear overview of type of web security threat and how to be prepared for such challenges. It also covered how CIOs could handle media in relation to cyber security issue. These useful presentations are available at http://www.slcert.gov.lk/sat.htm and it is highly recommended for government organizations to refer the presentations and contact Sri Lanka CERT|CC if you need any clarifications.
- Ensure your website is compliant with Sri Lanka Government web standards. Adherence to the government web standards is a requirement of eGovernment policy which was approved by the Cabinet of Ministers. This makes it mandatory for all government organizations to adhere to the government web standards. The Government Web Standard can be downloaded the link given below; http://www.icta.lk/attachments/254_Government_web_standards_v3.0.pdf
- Ensure that your web developer or the party responsible for maintain the website comply with Information Security checklist compiled ICTA and the compliance check are carried out in every 6 months. Information Security checklist can be downloaded the link given below; http://www.icta.lk/attachments/254_Web_security_checklist%20v1.0.pdf
- Ensure that your organization has adopted, implemented and conforming to the Information Security Policy which has been approved by the Cabinet of Ministers through the eGovernment Policy. You may get the assistance of the SLCERT|CC for implementing the IS Policy for your government You can download the condensed IS Policy and the complete IS Policy from the links given below. http://www.icta.lk/en/programmes/re-engineering-government/129-policy-documents/911-information-security-policy.html
Citizens who use emails, social media and many web applications such as e-banking are misled and duped by people who have malicious and financial intents. Citizens are advised to visit Sri Lanka CERT|CC website, subscribe to their email newsletter which provides valuable advice for avoiding such traps. In case citizen have become victims of such malicious acts they are advised to call the Sri Lanka CERT|CC hotline 011 2691692 obtaining advice and assistance.
Business Establishments are also advised to visit Sri Lanka CERT|CC website and subscribe to its IS newsletter for taking preventing measures. If your business organization has become a victim of IS based malicious acts you may call Sri Lanka CERT|CC hot line to get technical assistance which are provided at a reasonable fee.