Ehsaas programme seeks help of ethical hackers
The Special Assistant to the Prime Minister on Social Protection and Poverty Alleviation Dr Sania Nishtar on Wednesday said ethical hackers would be invited to identify the digital security vulnerabilities in the programmes.
“We will organise a hackers’ competition inviting ethical hackers to outline our vulnerabilities,” said Nishtar while chairing a joint meeting of Benazir Income Support Program (BISP) board of Risk Assurance and Management and Audit Committees.
Ehsaas will be the first public sector entity to implement a Vulnerability Disclosure Policy (VDP) intended to give ethical hackers clear guidelines for submitting potentially unknown and harmful security vulnerabilities.
The premier aide noted Ehsaas' operations were digital based and it was critical to ensure that Information Technology safety measures were in place.
“More than 100 steps have been taken to secure the IT system in this regard over the last two years,” Nishtar apprised the committee members.
The discussion of the meeting centered on internal and external audits, Ehsaas risk registry, error fraud and corruption framework, implementation of security safeguards within the organisation and setting up of a cyber control wing.
Meanwhile, the under observation talks included Ehsaas Governance and Integrity Policy and Observatory and how the organisation was faring against 23 indicators of the policy and observatory to gauge the performance of BISP.
Nishtar directed the internal audit division and finance division to present and submit quarterly reports on accrual accounting to board meetings while instructing the management to complete the departmental audit committees' process on time.
During the course of meeting, the SAPM advised making changes in the risk register, map the key actions emanating from the register into departmental workplans and use the parameters for performance assessment.
The Director General IT presented the ongoing progress to set up Cyber Control Wing, briefing that extensive consultations had completed which led to the scope of work of the wing and the terms of reference of individuals who were to be hired. An expression of interest in this regard was floated to solicit applications, he added.
The next meeting of the Risk Committee will be held in the fourth week of January 2021.