Delhi govt to conduct cyber security audit of IT system

The Delhi government will conduct a cyber security audit of its Information Technology (IT) system for the detection of vulnerabilities to prevent any breach of security and data theft, officials said on Thursday.

The government has geared up for hiring a CERT-in (Indian Computer Emergency Response Team) empanelled agency for the three-year project, they said.

The officials said the hypertext transfer protocols (https) have become the easiest path for cyber attackers to intrude on a network, with growth in vulnerabilities in applications.

The in-house and outsourced applications often put speedy development and convenience over security, which results in vulnerabilities such as authentication bypass, SQL (programming language) injection and cross-site scripting among others, they said.

The IT Department of the Delhi government has invited bids from eligible vendors for a project to detail an audit report which will be prepared to outline all the discovered vulnerabilities categories as critical, high, medium and low severity.

The entire security audit report for any website or application will be 10 working days from the date the request is formally communicated by the department. The selected agency will also submit a comprehensive report after the vulnerabilities are addressed, said the document.

It will also issue a ‘safe to host’ certificate after all identified vulnerabilities are resolved and validated according to the security audit requirements.

The security audit report will also provide detailed effectiveness of the security controls that exist in departments, local bodies and corporations under the Delhi government.

Also Read: Maharashtra’s bond with Nutan Marathi School: A legacy of cultural pride

The report will also offer remedial advice for the identified vulnerabilities along with a detailed explanation followed by resolution of the issues.

It will be also expected of the vendor that a follow-up test is carried out to ensure that all the vulnerabilities originally found are fixed, added the document.

(With inputs from PTI)