The Ministry of Information and Communications' guidelines were followed by the Department of Informatics and Financial Statistics in sending an Official Dispatch to Ministry units on July 15, 2024, asking them to distribute and implement information system security solutions.
In order to assist units in responding to various network information security issues, including malicious code attacks, information system security solutions are being deployed. ransomware encryption. Encourage the monitoring of network information security to immediately identify anomalies in the system and promptly resume system functions following issues. Solutions include:
A data backup strategy based on the 3-2-1 concept should be used for periodic "offline" data backups. Keeping a minimum of three data copies, storing them on two distinct storage media, and keeping one "offline" backup copy are all necessary. To stop progressive attacks on the storage system, backup data needs to be totally segregated and unconnected to the network.
Secondly, implement strategies to ensure prompt restoration of information system operations in the event of issues. These may include creating a network information security incident response strategy, planning rescue and debugging exercises, data recovery, and communication crisis response; Return information system operations to normal in a day or as needed by the business.
The third step is to implement solutions, particularly centralized information security monitoring systems, to quickly identify anomalous system indicators and stop and identify assaults.
To reduce the risk of escalating cyberattacks and protecting critical network areas, the fourth step is to segregate and regulate access between network areas, have solutions to stop intrusion, and prevent escalating attacks from both internal and external users. Convert and upgrade outdated applications, protocols, and connections that are no longer receiving technical support.
Using two-layer authentication to prevent and lessen damage in the event that an attacker gains access to an administrator account is the fifth step in strengthening the monitoring and administration of critical accounts and system administrator accounts.
The sixth step is to examine, correct, and avoid fundamental mistakes that result in information system vulnerability. These mistakes include those related to administration, operation, and guaranteeing the information system's network safety and security. and mistakes pertaining to accounts and passwords for information system access.
A review of the application of six strategies to improve information system security was arranged by the Department of Financial Informatics and Statistics in accordance with guidelines.
Thúy Nga