IT systems and website: SECP hires third-party security audit firm

ISLAMABAD: The Securities and Exchange Commission of Pakistan (SECP) has hired a reputable third-party security audit firm to conduct an independent Vulnerability and Penetration Testing (VAPT) of its website.

It is reliably leant that the SECP has taken a number of measures to improve security system of its IT systems and website.

According to the details, the SECP’s quality assurance team has executed the initial vulnerability scan immediately after the said incident.

During the scan period, the access to company name search at SECP’s website restricted through secure tunnel for white-listed entities only.

The SECP has immediately revised the API secret keys used for data exchange with other government entities.

The SECP has also appointed a full time dedicated Chief Information Security Officer (CISO) on August 24, 2022. The recruitment process for hiring of CISO was already at final stage. The position was vacant following the resignation of earlier CISO.

The Chief Information Security Officer is in the process of carrying out an internal assessment.

The SECP has immediately approached the Pakistan Telecommunication Authority (PTA) for blocking the website companieshouse.pk, which has displayed the data/ information of companies, supposedly copied from the SECP’s website. The access to the said website has been blocked already.

Moreover, the Enterprise Information Security Policy and supporting policies and procedures are in place.

At the same time, the ISMS certification and surveillance audits are conducted at regular intervals. The IT audit is conducted at regular intervals.

Copyright Business Recorder, 2022