As many government organizations now depend on the reliable functioning of digital systems, malicious actors can exploit these digital systems to cause harms such as theft of sensitive information, disruption of day to day operations, damage to the reputation of organizations which in turn can place nation’s security, economy, safety and wellbeing at a risk.
To help government organizations to secure their digital systems and infrastructure, Sri Lanka CERT has prepared “Minimum Information Security Standards” (MISS) that reflect the minimum level of protection necessary for an organization’s sensitive data and digital systems.
All organizations are encouraged to begin adopting these standards, and a self-assessment questionnaire to test the current information security readiness of an organization is available at the end of the document. The organizations are requested to undertake this assessment.
Download the MISS and the questionnaire here