NDMC to audit applications, data centre network to assess security vulnerabilities
New Delhi: The NDMC has decided to audit all its applications and the network of its data centre to assess security vulnerabilities amid rising cyberattack incidents, officials said on Saturday.
The New Delhi Municipal Council (NDMC) will hire a cybersecurity consulting agency on a three-year term and has already floated a tender for it, an official said.
“We know hackers are becoming smarter day by day. In recent months, we have seen (such) incidents. Though we regularly ensure that our system remains robust, we are now expanding and the risk is always there. So we have decided to understand how strong our system is,” the official said.
The NDMC felt the need to hire a consulting firm as it aims to obtain ISO 27001:2013 certification from an accredited agency within
12 months.
“For the certification, we need to show that our system is robust,” the official said.
The consulting firm will file an initial report within six months of the work order on the audit it conducts, the official added.
“Then we will decide what corrective measures should be taken. The objectives of engaging the cybersecurity consulting agency are to deploy experienced consultants to carry out various preparatory activities related to the certification, perform technical risk assessment, including vulnerability assessment and penetration testing, to help the NDMC obtain the ISO 27001:2013 certification,” the official informed.
The consulting agency will also develop procedures for security incident logging and monitoring and develop procedures for security incident management, the official said.
It will also perform periodic risk assessments and update the policies and procedures.
The step comes amid rising cyberattack cases in the country. In November, hackers allegedly infiltrated All India Institute of Medical Sciences servers.
Union Minister of State for Electronics and IT Rajeev Chandrasekhar informed the Parliament in December that over 12.67 lakh cybersecurity incidents were reported to and tracked by the Indian Computer Emergency Response Team till November.
