Tamil Nadu plans security audit of government websites, apps
Aim is to identify outdated software and fight cyber threats to around 350 State-owned platforms
Representative image
CHENNAI: In a bid to safeguard the critical Information of the State departments against cyber-attacks, the Tamil Nadu government has proposed to conduct a security audit for 350 state-owned web applications this year.
A website security audit is a computer process of examining files, websites, cookies, plugins, third-party components, and servers to locate loopholes and cyber threats. Security audits include dynamic code analysis and system configuration analysis.
Recently, the Information Technology and Digital Services Department (IT-DS) has made the security audit mandatory for all departments and government agencies before hosting any website or web applications in the Tamil Nadu State Data Centre (TNSDC).
Accordingly, Tamil Nadu e-Governance Agency (TNeGA) under the IT-DS department has taken up the security auditing of Government websites, web applications, and mobile applications for safeguarding the confidential and vital information of the departments against cyber threats.
Stating that the Tamil Nadu government has sanctioned Rs 2.36 crore to carry out security audit for a total of 611 websites, web applications, and mobile apps of government departments, a senior official from the IT-DS department told DT Next that in April 2024, a Standard Operation Procedure (SOP) was developed and communicated to all Head of the Departments (HODs) concerning security audit.
“For the year 2024-25, the security audit for 350 web applications has been proposed for Rs 1.19 crore,” he said adding all the department’s portals and mobile applications will have security audit certificates in a phased manner.
The official said the security audit will also identify outdated software or poorly configured websites that are vulnerable even to virus threats.
“As the technology update is on the rise, the websites and apps are hacked within days or weeks soon after it was released”, he said adding the online audit will also evaluate whether computer programme code can be manipulated to do something irrelevant, which would crash the web applications.”
Pointing out that there would be an expiry date for each audit certificate, which will be issued to the departments, the official said accordingly the departments’ HODs should inform the official concerned in the IT-DS or TNeGA three months before the date of expiry of their security audit certificate, requesting them to initiate the re-security audit of their application.
