Recently, a number of information systems of agencies, organizations and enterprises in Vietnam have been attacked, causing disruptions in operations and material damage to the image of agencies, organizations and enterprises, as well as activities to ensure national cyberspace security.
In order to enhance network information security for information systems, the Department of Information Security, Ministry of Information and Communications has issued an official dispatch requesting specialized information security units of agencies, organizations and enterprises to review and deploy network information security for information systems under their management, prioritizing monitoring and early warning solutions. Before April 15, 2024, units must complete the inspection and assessment of information security for information systems under their management. In case of detecting risks, vulnerabilities and weaknesses, units must immediately deploy remedial measures, especially for information systems that store and process personal information and personal data.
Implementing related tasks according to Directive No. 09/CT-TTg dated February 23, 2024 of the Prime Minister on compliance with legal regulations to strengthen information system security assurance by level, units shall review and organize the implementation of information security assurance by level to ensure that 100% of information systems in operation must be approved for information system security level by September 2024 at the latest. Fully deploy information security assurance plan according to the approved level proposal file by December 2024 at the latest.
Units organize effective, substantial, regular and continuous implementation of information security assurance work according to the 4-layer model to enhance the capacity of the professional monitoring and protection layer; maintain continuous and stable connections and share information with the National Cyber Security Monitoring Center under the Department of Information Security, Ministry of Information and Communications; prioritize the use of network information security products, solutions and services produced or mastered by Vietnamese enterprises.
To enhance network information security for information systems, units need to develop incident response plans for information systems under their management, implement periodic backup plans for systems and important data to promptly restore when data encryption attacks occur and report incidents to the Information Security Department as prescribed; participate in the national network information security incident response network as prescribed in Article 7 of Decision No. 05/2017/QD-TTg dated March 16, 2017 of the Prime Minister.
At the same time, units review and deploy related tasks according to Directive No. 18/CT-TTg dated October 13, 2022 of the Prime Minister on promoting the implementation of activities to respond to network information security incidents in Vietnam; periodically conduct threat hunting to promptly detect signs of system intrusion. For systems that have detected serious security vulnerabilities, after fixing the vulnerability, it is necessary to immediately conduct threat hunting to determine the possibility of previous intrusion.
According to the warning of the Department of Information Security and related agencies and organizations, units should check and update information security patches for important systems; regularly and continuously use the Information Security Platforms developed and provided by the Department of Information Security to support agencies, organizations and businesses such as: the National Cyber Security Incident Coordination Platform (IRLab) to receive guidance, early warnings and support for early handling of risks and incidents; the Digital Investigation Support Platform (DFLab) in appropriate cases to organize incident response and receive support from state agencies and leading experts in information security.
According to VNA
Source
Comment (0)