Stress laid on restricted access, regular audits
Irfan Tramboo
Srinagar, Mar 29: Ahead of the Lok Sabha elections, the authorities have issued Standard Operating Procedures (SOPs) for the safety and protection of the database containing the details and information of employees designated for election duty.
The directions issued to the concerned Computerization, Cyber Security-IT wing focus on making the database secure, ensuring restricted access, putting in place robust encryption methods, and carrying out regular audits of the database. One such communication has been sent from the District Election Officer, Ganderbal.
With regard to the SOPs issued, it has been directed that the employees’ database and application-the election duty information system-should be hosted on centralized secured servers, and no direct access to the database should be allowed for unauthorized personnel.
As per the directives, the concerned have been asked to ensure that access to the server is granted through VPN to authorized personnel only, and daily backups of all databases should be taken by the System Admin.
“The backups taken should be kept at a secured location. In case the database is hosted on a Local Server at the District Level, access should be provided only to the system Admin.”
For local servers, it has been directed that backups should be taken on a daily basis and stored in a secured location other than the same server.
“Servers should have the latest OS patches installed and should be protected with licensed Antivirus Software. Access for Data entry operators should be restricted,” the SOPs stated.
Further, it has been directed that data entry operators should be provided with minimal privileges-addition and correction. “Master Data Entry should be conducted through the Admin account only.”
It has also been stated that the reports generated should not be shared with any unauthorized personnel. “Employee reports should not be shared via WhatsApp or social media.”
It added: “If there is a need to share reports for informational purposes regarding Employee Training, personal details such as Mobile Numbers, Addresses, and Account Numbers should be hidden or deleted for security purposes.”
The officials said that the database contains sensitive information about the employees and if mishandled or leaked, “could potentially be misused by anti-national elements, posing a significant risk to our employees and the integrity of the election process.”
Detailing the protection of the database, the authorities said that the safety measures include, but are not limited to, secure data storage, restricted access, robust encryption methods, and regular audits.
Also, the concerned have been directed to conduct training sessions for all individuals who will be handling the database, and that such sessions should emphasize the importance of data security, the potential risks of data leaks, and the best practices for handling sensitive information.
Furthermore, it has been recommended to implement a system to monitor and log all access to the database to deter unauthorized access, which, it has been noted, will help in tracing any potential leaks.