Shortcomings in Ehsaas Programme’s digital system: BISP board to invite ‘ethical hackers’

31 Dec, 2020

ISLAMABAD: Benazir Income Support Programme (BISP) Board on Wednesday decided to hold a ‘hackers’ competition’ and invite ‘ethical hackers’ to identify shortcomings in Ehsaas Programme’s digital security system.

The decision was taken at a joint meeting of Risk Assurance and Management, and Audit Committees of BISP Board chaired by Special Assistant to the Prime Minister on Social Protection and Poverty Alleviation Dr Sania Nishtar, the Board’s Chairperson.

“We will be organising a hackers’ competition inviting ethical hackers to outline our vulnerabilities,” she said at the meeting.

Since Ehsaas operations are largely digitalised, it is critical to ensure that IT (information technology) safety measures are in place, she added.

Nishtar told the meeting that more than 100 steps were taken to secure Ehsaas IT system over the last two years.

Ehsaas will be the first public sector entity to implement a Vulnerability Disclosure Policy (VDP) that is intended to give ethical hackers clear guidelines for submitting potentially unknown and harmful security vulnerabilities, she said.

The director general IT gave presentation on the progress underway to set up Cyber Control Wing at Ehsaas Programme. He said extensive consultations had taken place which led to the definition of the scope of work of the cyber control wing and terms of reference of individuals who are to be hired.

An expression of interest in this regard has already been floated to solicit applications, he said. Risk Committee reviewed internal and external audits, Ehsaas Risk Registry, Error Fraud and Corruption Framework, implementation of security safeguards within the organization and setting up of the Cyber Control Wing.

Progress on Ehsaas Governance and Integrity Policy and Observatory, and its 23 indicators also came under review at the meeting.

The next meeting of the Risk Committee will be held in the fourth week of January 2021.

BISP Board directed the Internal Audit Division and Finance Division to present quarterly reports at the Board meetings.

Copyright Business Recorder, 2020

Read Comments