Security Certification a must for all Government Websites:
Sh. Sachin Pilot, the Minister of State for Communications and Information Technology held a meeting with officers of the Department of Information Technology, the Ministry of Home Affairs, Indian Computer Emergency Response Team (CERT-In), National Informatics Centre, CBI, and others in the wake of attack on the CBI website. The meeting was held to review the measures needed to enhance the security of the websites in particular and cyber space in general. The Minister observed that there has been a quantum jump in the number of Indian Websites from 1.7 lakh websites in 2005 to about 1 crore websites now. This has necessitated that the Ministries, Departments and the Public Sector Enterprises at both Central and State Government levels pay close attention to cyber security guidelines.
The Crisis Management Plan Prescribed by Indian Computer Emergency Response (CERT-In) is a comprehensive set of instructions to prevent and deal with attacks on websites. Towards this end, it has been decided that all websites of the Ministries and the Departments should be audited with respect to quality and security prior to the hosting.
With respect to design and security of the websites, Shri pilot said that the Guidelines issued by National Informatics Centre (NIC) and Web Security Guidelines should be complied with by all Ministries and Departments. CERT-In has empanelled more than 50 IT Security Auditors for auditing IT infrastructure of the organizations. The Ministries and Departments have also been instructed to audit their websites on regular basis, and whenever there are any major changes in the website applications. NIC has been instructed to host websites only after the user Department produces security certification of their websites and compliance to the guidelines periodically.
There is also a needed for upgrading and periodic updating of Government website to keep it in par with new technology.
SSL (secure sockets layer) is a communications protocol which is now the global standard for security
SSL creates an encrypted link between a web server and a web browser to ensure that all data transmitted remains private and secure. The Secure Sockets Layer protects data transferred over http using encryption enabled by a server’s SSL Certificate
It is also suggested to make secure server access with class 3C server Digital certificate for secured access to crucial data which will be make date base foolproof and free from hacking.
