The Knesset State Control Committee was set to deliberate on State Comptroller Yosef Shapira's report on the management of information security and the sustainability of Internet and computing infrastructure in government offices, according to a Knesset statement issued Sunday.
The report found that the management of "E-Government," which handles the Internet infrastructure in all government offices, did not adequately define the level of information security risks for several projects. In December 2010, about five years after their information security policies were published, an information security steering committee for E-Government was appointed, but it did not comply with outlined procedures.
Findings show that the steering committee has not met since its establishment in 2010. Some members have left, and were not replaced. Since the committee has not convened at all, it has not fulfilled its role as required by the procedures, including the consolidation and updating of information security policies, the formulation of operating strategies, the monitoring of annual work plans and the evaluation of damages caused by malfunctions or the formulation of recommendations to address these issues.
Shapira went on to criticize E-Government's information security director for failing to fulfill his duties, among which are determining the required security levels, defining processes for secure entries, outlining security levels for various components of computer and communication systems, granting user access under the policy procedures and reviews of conduct in the use of information.
Shapira added that, despite commitments to create a disaster recovery plan, and the fact that since 2008 there has been an alternate website with a frequently practiced disaster recovery plan, the requirements were not fulfilled as they should have been. In May 2012, the information security department published a draft of operating procedures titled "Checklist of Operations in the Event of Denial of Service Attack." Shapira found that the draft had not been approved by the information security director or by the E-Government steering committee.
The E-Government information security director also did not formulate a training program to increase employee awareness about information security. He was not kept informed of new employees, who were consequently not properly trained before receiving access privileges.
---
Quelle/Source: Israel Hayom, 21.10.2013
Bitte besuchen Sie/Please visit:
