
The state of information technology systems has taken on special importance in institutions, especially after the cyber attack last year.
The alarm for increasing security but also guaranteeing the storage of data after an event has been raised continuously, asking for improvements where it is deemed necessary.
This time an audit of the High State Control focused on information technology at the Institute of Social Security finds that there is a need for intervention in several aspects to increase security.
Thus, referring to the audit, KLSH estimates that for the period January 2021-December 2022, some deficiencies are noted.
First, according to KLSH, it is established that investments in information systems have not solved the problems of information security, as well as ensuring business continuity.
" The development of services and infrastructure has not been based on best practices. The hardware, the software programs that interact to make the systems operate, are out of date (end of life) and not supported by the manufacturer. From the audit of the main systems, based on the performance of actions with indicators such as: response time, processing time, use of system resources, user comments, it results that the systems respond late to user requests. In our judgment, the identification and administration of critical elements in the provision of services and the guarantee of data security, as well as the continuity in the provision of the service through Information Technology, is insufficient", says the KLSH report .
Another element that is brought to attention is the fact that ISSH has not yet passed the responsible ICT structures to ANA, as well as handing over the existing ICT Systems and Infrastructure under the administration and inventory of ANA, together with the legal rights and obligations. civil according to the stipulations and deadlines established in VKM No. 673, dated 22.11.2017, "On the reorganization of the National Agency of the Information Society", as amended.
In relation to these findings, KLSH has recommended that measures be taken to improve what may be weak points in the current state of the system. Likewise, in cooperation with ANKSI, based on the importance of providing service after a disaster, take the necessary steps to build a Business Continuity center.
The Directorate of Information Resources took measures for performing and periodically testing the system data backup by documenting the process.
"The Institute of Social Insurance, in cooperation with the ANA, take measures to update and standardize the IT infrastructure, as well as monitor systems that are no longer updated for any possible indicators of security breaches or system failures", it is stated in report. /Monitor
Lini një Përgjigje