JAMMU, MARCH 01: The J&K e-Governance Agency (JaKeGA) Friday organized a two day training cum hand holding session on Security Audit of departmental websites for nodal officers of government departments.
The session aimed at providing assistance for onboarding of security audit agencies so that necessary security compliance of their applications and websites is ensured by the concerned departments. The session was attended by 43 officers and officials from 36 departments.
A team of officials including Saima Mir, Project Manager JaKeGA and Arun Panotra, Analyst IT, JaKeGA conducted the training and handholding session.As per Information Technology Act, it is mandatory to get the security audit of all the web applications and web services being carried out in order to be eligible for hosting in Data Centre.
The security audit reduces vulnerabilities and minimizes damage from cyber incidents and most importantly it aims at protecting government data hosted in SDC. Therefore, it is imperative that websites and applications are audited and updated with latest security certificates on periodic basis as per the guidelines issued by the Cert-In.
During the training session, the experts from JaKeGA explained to the departmental nodal officers the process for carrying out the security audit of the unaudited websites. The necessary GEM procurement process was also explained to the Nodal officers besides addressing the technical queries.
The officers from participating departments were told that the websites need to be audited by the CERT-IN empanelled agencies only. The clearance from security audit is necessary for a website for its hosting on J&K Data Centre servers.
The departmental nodal officers were also told that the Security Audit is also required to be done as and when any changes are made in the source code. It should also be ensured that all websites/applications, their respective CMS (Content Management System), 3rd party plug-ins, codes etc., are updated to the latest versions.
It was emphasized during the session that all websites and applications are to be monitored on daily basis by the owner departments for ruling out any security compromise.
