Page 29 - SDR_V15_No1 2022_V5
P. 29

Cyber Security



               the Directive. It is also the HoD’s responsibility to en-
               sure that information is classified using the Uniform
               Sensitivity  Classification  Scheme.  Ms  Makhasi  said
               the departmental Information Communication and
               Technology (ICT) steering committee should also
               function as an information security forum.

               Protection against malicious and mobile code
               The Directive further orders the HoD to ensure that;

                      •   All information devices connected to the
                          government network have up-to-date
                          antivirus and integrity-checking soft-
                          ware installed;
                      •   Employees do not knowingly distribute
                          viruses or bypass any detection sys-
                          tems in place;
                      •   Employees exercise caution when open-
                          ing any email if the source of the email is
                          unknown to the user.
                      •   Employees receiving or download-
                          ing data media from any public source
                          are  responsible  for  ensuring that  it  is
                          checked for viruses before use. Simi-
                          larly, individuals intending to pass on
                          data media within government or to ex-
                          ternal parties must ensure that it is first
                          scanned for viruses.
                      •   Employees are prevented from disabling
                          or changing the configuration of the an-
                          tivirus software installed on their person-
                          al computers.
                      •   Suspected malicious code attacks are
                          reported immediately on identification
                          by following the internal security inci-
                          dent management procedure.

               Back-UPS
               Ms Makhasi said HoDs must ensure that backups are
               performed frequently based on the data’s sensitivity;
               regardless of classification, the availability of all data
               is maintained through periodic backups and recovery
               mechanisms. She further said that the HoD must en-
               sure that departmental backups are covered in any
               service provider’s existing contract/arrangement and
               that  the  backups  containing  sensitive  data  are  en-
               crypted.

               Media handling
               “The HoD must ensure that government information
               is  always  stored/saved  on  departmental  network
               servers, that removable computer media is protect-
               ed against unauthorized access and that any loss or
               theft of removable computer media must be treated
               as a security breach and must be reported immedi-
               ately,” the DG said.

               By Nthambeleni Gabara




               SERVICE DELIVERY REVIEW | Volume 15 • No. 1 of 2022                                     29
   24   25   26   27   28   29   30   31   32   33   34