Mumbai Customs Department is carrying out an audit of its website to assess the security risks facing an organization and the controls of counter-measures adopted by the organisation to mitigate those risks. Last year, one of the websites of Customs was hacked by an Indonesia based hacking group.
Online tender invited
According to the sources, the Commissioner of Customs, Export, Mumbai Customs Zone-l, New Customs House (NCH) has invited online tender in two bid system (technical and financial) through e-submission of competitive bids from the reputed and experienced company/firms/contractors/enterprises for carrying out Security Audit of official website of Mumbai Custom Zone - I (https://mumbaicustomszone1.gov.in).
The security audit
"A security Audit is a specified process designed to assess the security risks facing an organization and the controls of countermeasures adopted by the organization to mitigate those risks. As a part of any audit, the auditors will interview key personnel, conduct vulnerability assessments and penetration testing, catalog existing security policies and controls and examine IT assets," said a source.
He added, "IT security auditing would include a combination of vulnerability assessment, application security assessment, password cracking, log review, incident response and forensic auditing, integrity checks and virus detection. The auditor's responsibilities need to articulate, not just the audit tasks, but also the documentation of their activities, reporting their actions etc. and providing necessary guidance to the developer as and when requested during the audit phase."
"Security Audit Report from the security auditor should clearly state that these web-pages, including the backend database and scripts, if any, are free from any vulnerability and malicious code, which could be exploited to compromise and gain. Once the tender is provided to the auditing company, the Security audit work must be completed within 15 days from date of award of contract which includes issuance of Security Audit Certificate," said another official.
