J&K e-Gov agency holds training on security audit of deptt websites, apps

Jammu, Mar 1: The J&K e-Governance Agency (JaKeGA) organised a two-day training-cum-handholding session on security audits of departmental websites for nodal officers of government departments.

An official spokesman in a statement issued here said that the session aimed at assisting with onboarding of security audit agencies so that necessary security compliance of their applications and websites is ensured by the concerned departments.

The session was attended by 43 officers and officials from 36 departments.

The session was organised under the supervision of Chief Executive Officer, JaKeGA, Anuradha Gupta while a team of officials including Saima Mir, Project Manager JaKeGA and Arun Panotra, Analyst IT, JaKeGA conducted the training and handholding session.

It was highlighted during the session that as per the Information Technology Act, it was mandatory to get the security audit of all the web applications and web services being carried out to be eligible for hosting in the data centre.

The security audit reduces vulnerabilities and minimizes damage from cyber incidents and most importantly it aims at protecting government data hosted in SDC.

Therefore, websites and applications must be audited and updated with the latest security certificates periodically as per the guidelines issued by the Cert-In.

During the training session, the experts from JaKeGA explained to the departmental nodal officers the process for carrying out the security audit of the unaudited websites.

The necessary GEM procurement process was also explained to the Nodal officers besides addressing the technical queries.

The officers from participating departments were told that the websites need to be audited by the CERT-IN empanelled agencies only. The clearance from security audit is necessary for a website for its hosting on J&K Data Centre servers. There required changes suggested in the audit report, if any, also need to be carried out by the developing agency of the owner department to remove all the identified vulnerabilities.

The departmental nodal officers were also told that the Security Audit is also required to be done as and when any changes are made in the source code.

It should also be ensured that all websites and applications, their respective CMS (Content Management System), third-party plug-ins, and codes are updated to the latest versions.

It was emphasised during the session that all websites and applications are to be monitored daily by the owner departments to rule out any security compromise.