Information Security Audit

Subject: Science and tech

Context :

Department of Telecommunications (DoT) is all set to direct telecom companies to undertake an “information security audit” of their networks and submit the report by October end

Concept :

• An information security audit is a step-by-step assessment of the complete network infrastructure which checks for the equipment installed and the latest upgrades done in order to prevent any data leakages.
• The auditors also check the data storage and security policies of the company and check whether all sections of the company adhere to the norms set by the company itself.
• Apart from that, some auditing agencies also launch a controlled bug into the network of the company to check for ‘Backdoor and Trapdoor’ vulnerabilities, and see what all systems are being impacted.
• DoT is likely to suggest to the companies that the external audit should be done only by an agency empanelled with Cert-IN

Backdoor and Trapdoor

• A ‘backdoor’ or a ‘trap door’ is a bug installed in the telecom hardware which allows companies to listen in or collect data being shared on the network.

Computer Emergency Response Team – India (CERT-IN)

• It is an organisation of the Ministry of Electronics and Information Technology with the objective of securing Indian cyberspace.
• It is the nodal agency which deals with cyber security threats like hacking and phishing.
• It collects analyses and disseminates information on cyber incidents, and also issues alert on cybersecurity incidents.
• CERT-IN provides Incident Prevention and Response Services as well as Security Quality Management Services.