In an attempt to ensure maximum security and efficiency, the federal government has called upon ethical hackers to identify security vulnerabilities present in its flagship program for poverty alleviation, Ehsaas Program.
As per details from the report by The News, Ehsaas will organize a hackers’ competition in which it will invite ethical hackers to participate and point out any vulnerabilities in its digital operations. This is being done as part of the implementation of the Vulnerability Disclosure Policy (VDP) that aims to provide clear guidelines to hackers for submitting potentially unknown and damaging security vulnerabilities.
The announcement was made by Special Assistant to Prime Minister on Poverty Alleviation and Social Safety Dr Sania Nishtar as she chaired the joint meeting of the Risk Assurance and Management and Audit Committees of BISP Board, where a number of agenda items were discussed.
“Since Ehsaas’ operations are largely digital, it is critical to ensure that IT safety measures are in place; more than 100 steps have been taken to secure the IT system in that regard over the last two years since she took over,” the SAPM stated.
The discussion of the Risk Committee mainly centered on internal and external audits, Ehsaas Risk Registry, Error Fraud and Corruption Framework, implementation of security safeguards within the organization and setting up of the Cyber Control Wing.
Other topics under observation were Ehsaas Governance and Integrity Policy and Observatory and how the organization was faring against 23 indicators of the policy and observatory to gauge the performance of BISP.
Dr. Sania gave directions to internal audit division to present quarterly reports to board meetings and instructed the finance division to submit quarterly reports on accrual accounting to the board meetings as well.
She also instructed the management to complete the departmental audit committees’ process in time. She also advised to make changes to the risk register and map the key actions emanating from the risk register into departmental workplans and to use the parameters for performance assessment.