Ensuring information system security at defined levels is a key measure to protect the systems, especially those in state agencies.
In order to promote compliance with the laws, the Ministry of Information and Communications (MIC) advised the Prime Minister to promulgate Directive 09 dated February 23, 2024.
In the directive, the Prime Minister requested ministries, branches and localities, as well as state owned enterprises and commercial banks, to ensure that 100 percent of information systems under design, construction, upgrading or expansion must have their security levels approved before operating, and that all information security measures must follow the security levels approved.
Agencies, organizations and enterprises are required to update the list of information systems under their management to be sure that 100 percent of information systems from level 1 to level 5 in operation have met information system security levels no later than September 2024, and have information security assurance plans according to approved levels no later than December 2024.
The Authority of Information Security (AIS) reported that as of June 2024, there were 7,200 information systems at state agencies and organizations, including 1,500 systems at ministries and branches, and 5,700 local systems.
The update of the list of information systems nationwide found that of the 7,200 systems, 3,309 systems are at Security Level 1 (46 percent), 2,914 systems at Level 2 (40 percent), 955 Level 3 (13 percent) 23 Level 4 (0.3 percent) and 5 Level 5 (0.1 percent).
Meanwhile, over 5,500 information systems had their proposed security levels approved (76.5 percent), up 11.5 percent over 2023. Of these, 4,068 systems applied sufficient security level assurance measures, which accounted for 56.5 percent, up 26.5 percent.
Nearly 1,700 information systems nationwide still have not received approval for proposed security levels, or 23.4 percent, and 3.138 systems had not applied all security measures at the approved security levels.
MIC pointed out that agencies and organizations will have to speed up security measures to satisfy the requirements before the deadline set by the Prime Minister.
AIS has released a manual guiding information system security at different levels to better support agencies and organizations.
In July, AIS released a document that guides information system security at systems under the management of ministries and provinces.
Van Anh