Jammu: The J&K e-Governance Agency (JaKeGA) organized two day training cum handholding session on Security Audit of departmental websites for nodal officers of government departments.
The session aimed at providing assistance for onboarding of security audit agencies so that necessary security compliance of their applications and websites is ensured by the concerned departments. The session was attended by 43 officers and officials from 36 departments.
The session was organized under the supervision of Chief Executive Officer, JaKeGA, Anuradha Gupta while team of officials including Saima Mir, Project Manager JaKeGA and Arun Panotra, Analyst IT, JaKeGA conducted the training and handholding session.
It was highlighted during the session that as per Information Technology Act, it is mandatory to get the security audit of all the web applications and web services being carried out in order to be eligible for hosting in Data Centre.
The security audit reduces vulnerabilities and minimizes damage from cyber incidents and most importantly it aims at protecting government data hosted in SDC. Therefore, it is imperative that websites and applications are audited and updated with latest security certificates on periodic basis as per the guidelines issued by the Cert-In.
During the training session, the experts from JaKeGA explained to the departmental nodal officers the process for carrying out the security audit of the unaudited websites. The necessary GEM procurement process was also explained to the Nodal officers besides addressing the technical queries.
The officers from participating departments were told that the websites need to be audited by the CERT-IN empanelled agencies only. The clearance from security audit is necessary for a website for its hosting on J&K Data Centre servers. There required changes suggested in the audit report, if any, also need to be carried out by the developing agency of the owner department to remove all the identified vulnerabilities.
The departmental nodal officers were also told that the Security Audit is also required to be done as and when any changes are made in the source code. It should also be ensured that all websites/applications, their respective CMS (Content Management System), 3rd party plug-ins, codes etc., are updated to the latest versions.
It was emphasized during the session that all websites and applications are to be monitored on daily basis by the owner departments for ruling out any security compromise.
