Madhya Pradesh Agency for Promotion Of Information Technology

Security Audit Services

A CERT-In Empanelled organisation of Government of Madhya Pradesh under Department of Science & Technology

MAP_IT is empanelled as an IT Security Audit Organization with CERT-In (Indian Computer Emergency Response Team). It is the first organization in Madhya Pradesh and the 3rd Government body in the country to have CERT-In empanelment.

The Indian Computer Emergency Response Team (CERT-In) is the Government organization under the Ministry of Electronics and Information Technology and is the national nodal agency for responding to computer security incidents as and when they occur.


Why Security Testing

Web applications and web sites have been favorite targets of hackers because they have access to valuable information and they are relatively easy to exploit. A successful attack can result in a variety of devastating consequences, including financial loss, damage to brand reputation, and loss of customer trust. Because web applications must be available 24/7 and offer data access to customers, employees, suppliers and others, they are frequently the weak link in an organization's security. When hackers gain access to web applications, they often have direct access to confidential back-end data on customers and the company. For this reason, testing web application security is a high priority for organizations today.

Thus the prime objective of security testing is to find out how vulnerable a system may be and to determine whether its data and resources are protected from potential intruders. With the advancement of digitization in the State, and almost all important services being offered online, it becomes necessary to protect applications from threats. Security testing is performed with the intention of revealing flaws in security mechanisms and finding the vulnerabilities or weaknesses of software applications.

Objectives

  • To keep a watch on the security preparedness of Govt. IT systems.
  • To act as a nodal agency for security audit & cyber security related issues for Govt. of MP departments.
  • To conduct security audits of IT systems and to establish and manage the relationship with CERT-In for co-ordination and response during cyber threats.
  • Being a government-backed body, MP-CERT will act to mitigate the time lag in conducting security audits of the systems of Govt. of MP departments and other organizations.

Security Audit Process

  • The Security Audit Request is submitted online/offline by the auditee organisation or department.
  • Application assessment is carried out by the COE security audit team/management, and the organisation is informed about the Security Audit Request status.
  • The auditee department or organisation reverts with the Security Audit Details & a signed NDA.
  • MAP_IT shares the Audit Plan with relevant stakeholders in the audit and auditee organisations.
  • The Security Assessment is conducted by COE, MAP_IT for the Level 1 Testing Report.
  • The concerned department is informed for Level 1 bug fixation and identification.
  • Steps 7 & 8 are repeated for Level 2 & Level 3 Testing until 100% of vulnerabilities are fixed.
  • On completion of the Security Audit Process, the Security Certificate and Final Report are issued.
  • The Security Certificate is valid for one year from the date of issue or until any change in the source code, whichever is earlier. In case of expiry of the certificate, the whole process shall be initiated again.