VSS Leads Information Security
The Vietnam Social Security (VSS), the Ministry of Finance (MoF), the State Bank of Vietnam (SBV) and the Office of Government secured the highest network information security rankings in the country. The information security rankings of State agencies in 2018 were launched by the Authority of Information Security (AIS) under the Ministry of Information and Communications at the Vietnam Security Summit 2019.
Minister Nguyen Manh Hung said that the Ministry of Information and Communications released the information security rankings of State agencies in 2018 for the first time. Cybersecurity and information security is essential because it serves as a benchmark for the world to make decisions, including investment decisions in Vietnam, he added. We also need to have our own separate assessment to embrace deeper knowledge of cybersecurity in Vietnam.
AIS rated cyber information security in 90 State agencies. However, none secured Grade A - the highest level of network security; only 15 agencies were assigned Grade B; 63 were given Grade C; and 12 were rated Grade D. None was assigned Grade E - the lowest level in the rankings.
Grade B central agencies reportedly have considerable resources for information technology and cybersecurity, including the Vietnam Social Security (VSS), the Ministry of Finance (MoF), the State Bank of Vietnam (SBV) and the Office of Government. 19 ministerial agencies were ranked Grade C. Grade D was assigned to four central bodies, including the Ministry of Industry and Trade, the Ministry of Science and Technology, the Ministry of Home Affairs, and the Committee for Ethnic Minority Affairs. Locally, 11 provinces and cities were ranked Grade B (without Hanoi and Ho Chi Minh City), 44 were given Grade C and eight were assigned Grade D.
From information security rankings, AIS said that all high-ranked agencies have specialized information security units. Only a half of agencies (49.4%) have information security units. Only 9.2% of agencies have information security monitoring systems and 25.3% were reportedly suffered from cyberattacks. This led to the situation that they remained unaware of attacks. More than 50% do not have professional information security monitoring and protecting bodies. Besides, only 35.7% had standard incident response procedures, resulting in confusion in handling emerging network security incidents. Even, up to 48.91% admitted lacking funds for information security; 29.93% lacked care from their leaders; and 51.92% did not have proper care about information security.
On information security budget, up to 56.2% of agencies did not spend money on information security. Only 6.1% spent 15% or more of total information technology spending for information security. 67.15% admitted that expenditure for information security met less than 20% of practical needs.
Regarding agency leadership, up to 30% of rated agencies said that their leaders did not pay attention to information security.
On information security recommendations, an AIS representative said the advice on this field is quite like fire prevention. To have information security, we must have ready guidance, ready response force, ready equipment and ready logistics.
Accordingly, agency leaders must be responsible for information security; assign/consolidate information security units; arrange at least 10% of information technology for information security; and use information security products/services from trusted providers. Each agency has at least one cybersecurity company at the service.
H.T
Vietnamese
