Page 293 - Atouts Economiques Cameroun-2019-GB
P. 293

                two (72) Web malware infection cases have been detected on the public administrations’ websites.
Moreover, in order to prevent cyber-attacks, the CIRT regularly issues alerts and security bulletins that document the latest vulnerabilities inherent in certain software, as well as recommendations to correct them. These newsletters are intended especially for the administrations IT managers. To date, NAICT has issued more than 60 safety bul- letins to public administrations.
To return on the assistance granted the users and companies, the regulation provides that in the event of cyber incidents, users must notify the NAICT, which will then be in charge of assisting them in the treatment of the said incidents.NAICT has already processed more than 500 requests for assistance from users, public and private structures.
THE PRACTICE OF SECURITY AUDITS
Security audit is a methodical and careful scrutiny of organized resources for the processing, dissemina- tion and storage of information, in order to assess the reliability of the controls deployed to secure the information assets of the Structure being audited.
The activity aims at contributing to the prevention of cybercriminal acts, to the improvement in the governance of the audited Structures’ Information System and, finally, to the Cameroonian cybers- pace security.
To date, about 127 audit missions have been carried out to eighty-three (83) Structures, of which thirty-five (35) Ministerial Departments, nineteen (19) Credit Institutions, nineteen (19) Administrative Public Establishments, ten (10) Internet Service Providers.
As part of the post-audit follow-up, an assessment of the implementation of the recommendations made by NAICT was carried out to thirty-four (34) ministerial departments between 2014 and 2017. The assessment is done systematically when NAICT undertakes work in any Structure that has been audited at least once.
This activity is increasingly striking a responsive chord in the audited Structures, for they realize that the implementation of recommendations by NAICT allows them to better protect their information system.
THE USE OF A TRUSTED THIRD
PARTY IN ELECTRONIC TRANSACTIONS
As part of its electronic certification mission, NAICT was equipped with a Public Key Infrastructure (PKI) as the Root Certification Authority and Government Certification Authority.
An accredited Certification Authority is a trusted third party that issues digital certificates and allows the use of means to verify the validity of the certifi- cates it has provided by its users. For this purpose, it uses a Public Key Infrastructure. A Public Key Infrastructure is a set of physical components, human procedures, and software to manage the lifespan of digital certificates, that is their issuance, suspension, reactivation, revocation, or renewal.
A Public Key Infrastructure provides security ser- vices such as strong authentication, confidentiality, integrity and non-repudiation. These services are offered in particular through a digital certificate. At the present time, several applications have already been secured by the PKI Centre, including the “Payonline GUCE” of the One-Stop Shop for Foreign Trade Operations (GUCE), “Cameroon Online e-Procurement System (COLEPS)”, of the Ministry of Public Procurement (MINMAP) n
 NAITC’s technicians preparing for an audit mission
LES ATOUTS ECONOMIQUES DU CAMEROUN
293
 

















































































   291   292   293   294   295