DICT requires government agencies with citizen-facing applications to attend cybersecurity training
As announced by the Department of Information and Communications Technology (DICT), cybersecurity training is required for government organisations with citizen-facing applications to maximise the protection on government applications and databases.
12 sessions of cybersecurity training started on 19 May 2018 to maximise the protection on government applications and databases. The DICT will run the security training sessions until 18 August 2018. These sessions will be held at the audio-Visual Room of the DICT Building in Diliman, Quezon City from 9 am to 1 pm.
Participation is required in the training programme for government organisations with citizen-facing applications to protect and secure their systems before they are allowed to integrate with GOV.PH or the National Government Portal (NGP).
GOV.PH is the planned single portal for the whole of government. It is envisioned as a one-stop gateway uniting all web-based government content to maximise efficiency and provide rapid, high quality service to citizens. This effectively allows for reduction of costs as opposed to maintaining multiple systems.
This means access to a reliable government online services and information. This also lessens the need for the citizens to physically go to government offices or visit different government agency websites to perform typical transactions.
Each of the training sessions is expected to be least three hours in duration. There will be a lecture period, a workshop session, and a question-and-answer portion. Network engineers, programmers and database administrators of government agencies are the required participants.
Some of the lecture topics lined up for the training are Security Overview and Critical Security Controls, Web Application Security, Common Application Vulnerabilities, Secure Coding Best Practices, Network Mapping, and Wireless Security.
Cybersecurity consultants Raymond Nunez and Ian Christopher Tisang will be the speakers in the duration of the training.
The activity is an initiative of the NGP project, under the supervision of DICT Undersecretary for Developmental and Innovations Engr. Denis F. Villorente, which aims to improve cybersecurity within the country.
A recent cybersecurity forum classified the Philippines as “D” in a scale of A to E, with “A” as the highest in terms of cybersecurity maturity.
Several definitions of the five levels of Cybersecurity Maturity can be found. For a better understanding of each, a brief explanation is given.
(1) Level 1: Initial – Information Security processes are ad hoc and disorganised. Processes may also be considered unstructured. Success is likely to depend on individual efforts and is not considered to be repeatable or scalable. This is because processes would not be sufficiently defined and documented to allow them to be replicated.
(2) Level 2: Repeatable – Information Security efforts follow a regular pattern. Processes are at a repeatable level where basic project management techniques are established and successes can be repeated. This is due to processes being established, defined, and documented.
(3) Level 3: Defined – Information security efforts have greater attention to documentation, standardisation, and maintenance support. Processes are documented and communicated.
(4) Level 4: Managed – Processes are monitored and measured. At this level, an organisation monitors and controls its own Information Security processes through data collection and analysis.
Level 5: Optimised - This is an optimising level where Information Security processes are constantly being improved through monitoring feedback from existing processes and introducing new processes to better serve the organisation’s particular needs. At this level, best practises are followed and automated.