Tens of thousands of Nepalese use the electronic system to acquire information related to them and an equal number of others rely on electronic transactions to get several things done. But only a few people are sensitive about how secure their passwords and user names are. This seemingly simple reason opens up enormous risks where one can misuse the password of another.
The process of identifying an individual in the virtual networks is usually based on the user’s name and password. In the electronic security system, authentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be but says nothing about the access rights of the individual.
Realizing the importance of security in day to day use of computer networks in the government and banking sectors, the Office of the Controller of Certification at the Ministry of Science and Technology
coordinated with the Computer Association Nepal to organize a program, the Best Practice Workshop for Information Security, recently to celebrate the national ICT Day.
Participated in by senior officials from various government ministries, officials from private banks and members of the Computer Association Nepal, the program aimed to generate awareness about information security.
During the workshop, Sudeep Kumar Das, technician consultant, RSA, presented Information Security Threats and Challenges in the current Scenario and Rajan Pant, the controller of certification presented a
paper on Password Best Practice and Information Security Authentication.
In his paper, Pant offered various examples on how to follow secure password practices. “A secure password practice is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. A secure password practice is often part of organization’s official regulations and may be taught as part of security awareness training,” said Rajan Pant.
Pant highlighted the importance of passwords in computer and information security, expressing the view that passwords are the main protection for user accounts. Pant argued that all employees, who have access to organizational information systems, must adhere to the password practices to protect the security of the network, data integrity and computer systems.
At the workshop chaired by chief secretary Madhav Prasad Ghimire, expert Sudeep Kumar Das said that there are challenges as well as opportunities in the information technology sector. “Electronic transaction helps to enhance efficiency but there is also a lot of threat,” said Das. “Whatever the threat involved in it, one cannot ignore the need of ICT use and development.”
In Nepal, the banking sector is widely using electronic transactions and even the government offices have started going digital. Private hospitals are also using the information technology. The Inland Revenue Department of Nepal Government has already introduced ICT in doing its businesses.
“While making transactions, information security is a must,” said Das. Participating officials raised questions about the utility and other aspects of the information security systems in Nepal.
At a time when the awareness about information technology is lacking,the Ministry of Science and Technology has been making efforts to increase the level of awareness by organizing various programs. “In the context of globalization, one cannot remain isolated from the development of IT sector but there is the need to take a cautious approach. The Ministry has been working to promote IT sector in line with government’s IT policy to extend the information technology for the benefits of the poor and rural population,” said Dr. Ram Hari Aryal, secretary of the Ministry of Science and Technology.
“As Nepal is still at the initial stage of ICT development, we still need a lot of time to make the use of IT more secure as well as efficient to carry out development projects. Nepal government is ready to support promotion of the information technology,” said chief secretary Madhav Prasad Ghimire.
In the context of growing use of IT and concern over its security, the Electronic Transactions Act, 2063 (2008) is a major step. The act says that it is expedient to make legal provisions for authentication and regularization of the recognition, validity, integrity and reliability of generation, production, processing, storage, communication and transmission system of electronic records by making the transactions to be carried out by means of electronic data exchange or by any other means of electronic communications, reliable and secure; and, whereas, for controlling the acts of unauthorized use of electronic records or of making alteration in such records through illegal manner.
As a line ministry, the Ministry of Science and Technology has a greater role to play to provide necessary environment to use information technology for broader use of Nepalese living in various parts of the country, including rural and remote parts of Nepal.