MPSC data could have been saved
By Vikas Vaidya
The server of the Maharashtra Public Service Commission (MPSC) crashed because of a virus, the data got deleted, and the lacuna came to the fore. Even if data gets deleted, as per Information Technology (IT) policy an organisation should maintain a backup of the data. It should be in real-time format, not in an offline mode. It is very important for MPSC to find out how the virus got injected into the system. Did they not have a firewall, a good antivirus or an intrusion detection system installed? Were the firewall and antivirus configured, or were they in default mode? These questions remain unanswered.
Dr Harold D’Costa, State Cyber Crime Expert, said, “If anybody injects a virus in the system then according to the IT Act 2008, compensation up to one crore rupees has to be given to the victim. So MPSC should find out through the log sheet whether the virus was injected through the internet or was injected locally. MPSC should also find out that before uploading the webpages the system should be free of all viruses.”
Any organisation, whether government or private, should have a proper IT policy in place according to the guidelines given by the Computer Emergency Response Team (CERT). This is a government institution coming under the Ministry of IT, New Delhi.
If such a problem had happened with a private bank, then according to the IT Act 2008, the bank could have been liable to compensate the victim up to 5 crore rupees.
Why this law is for corporates and not for government organisations is the million-dollar question. The data which was deleted from the MPSC server was very sensitive and confidential information, and therefore the data should have been preserved on backup media, pointed out Dr D’Costa.
Dr D’Costa said, “Recently, the IT Secretary of Maharashtra, Rajesh Agrawal, who is the Adjudicating Officer for cyber crime, gave a judgement in which he told Punjab National Bank to compensate 45 lakhs to the victim, who was an account holder in the bank, for not having proper security practices followed by the bank. In such similar instances ICICI Bank was also fined 2 lakh rupees for not having proper security policy and security practices in place. Even Idea Cellular was fined 25000 rupees for not following the proper IT policy guidelines. There should be a provision in the IT Act where Government organisations also should be brought under the IT Act scanner and penalty should be levied on them.”
Dr D’Costa has suggested some probable ways through which MPSC can overcome this problem:
1. MPSC should host the webpages and the data on a dedicated server and not on a shared server.
2. MPSC should ensure that the password they have given is digitally encrypted and stored in the server.
3. There should be a digital security certificate for the login pages whenever the data is entered.
4. They should upload the data on the server only from a dedicated machine which has latest and updated firewalls from antivirus.
5. They should maintain a logsheet of all the activities carried out from the system.
6. MPSC should immediately have Business Continuity planning where the data is backed up on-line.
7. MPSC should ensure it has a proper incident-response team so that if any calamities do happen, they can get the system back immediately without any wastage of time.
8. Being a Government organisation, MPSC should have a proper ID and cyber security policy in place to avoid such types of disasters.
9. MPSC should have trained, dedicated manpower to maintain the website.
10. The webpages developed by MPSC should not be built on an open framework available freely on the internet.