BREAKING NEWS

"The attack on Berisha was premeditated", the journalist reveals the details and shows the hard evidence

"The attack on Berisha was premeditated", the journalist reveals the
x
BREAKING NEWS

Will he take the post of deputy mayor of the Municipality of Tirana? This is how Alimehmeti answers

Will he take the post of deputy mayor of the Municipality of Tirana? This is how
x
BREAKING NEWS

"Attack on Berisha was organized", Kelliçi divulges strong details: the perpetrator was an infiltrator, this is what the purpose was

"Attack on Berisha was organized", Kelliçi divulges strong
x
BREAKING NEWS

They announced the departure of Yuri Kim, Jozefina Topalli breaks down the statement of the Ministry of Foreign Affairs and discloses the behind-the-scenes: This is why the American ambassador is leaving

They announced the departure of Yuri Kim, Jozefina Topalli breaks down the
x
BREAKING NEWS

Unsaid details, Klodiana Lala reveals what was found on Gerti Shehu's phone: The event is not accidental

Unsaid details, Klodiana Lala reveals what was found on Gerti Shehu's
x
BREAKING NEWS

"Planned", Artan Hoxha sheds light on the behind-the-scenes of Berisha's attack: It is strange that Gerti Shehu...

"Planned", Artan Hoxha sheds light on the behind-the-scenes of
x
BREAKING NEWS

"Shameful!"/ The departure of American ambassador Yuri Kim, Salianji reveals what Edi Rama is trying to do

"Shameful!"/ The departure of American ambassador Yuri Kim, Salianji
x
BREAKING NEWS

"From tomorrow in these cities will..."/ OSHEE comes out with the important announcement for the citizens

"From tomorrow in these cities will..."/ OSHEE comes out with the
x

Ekonomia

KLSH raises the alarm, criticizes the National Agency of the Information Society and makes it responsible for cyber attacks

KLSH raises the alarm, criticizes the National Agency of the Information Society

Recently, Albania is facing continuous cyber attacks where sensitive data of Albanian citizens and officials have been leaked. The biggest attack was the one in July of this year, which called into question not only the way the National Agency of the Information Society managed the process of digitization of public services, but also the effectiveness of the costly investments that were made for this purpose. The report of the Federal Bureau of Investigation (FBI) on the investigation of the cyber attack against the Albanian state, came to the conclusion that the attack started 14 months ago. According to the report, the attackers have exploited the weaknesses of the system connected to the ANA and infiltrated the technological infrastructure of the Albanian state. And this raises the question of whether the leadership of AKSHI by Mirlinda Karcanaj has been efficient and whether the process of digitization of public services has been given due importance for the very nature it represents. The High State Control has analyzed the way the process of centralization of public services from government institutions to ANA has been done, highlighting a number of flaws in the role of ANA in this regard. The performance audit of ANA started in 2017, when it was decided that some public services, together with the IT staff and assets of some institutions, were transferred to ANA. Practically, the entire Information Technology network that was decentralized was decided to be centralized by passing into a single hand, to ANA. Legally, AKSHI is responsible for the administration of IT software systems and hardware infrastructure for institutions that are under the responsibility of the Council of Ministers, including for their cyber security. But if you read the report, you come to the conclusion that this process of such great importance has been treated without giving it due importance.

Conclusions of the performance audit by KLSH

The findings are disturbing and raise many questions about the security in which the process was carried out in the period 2017-2020. What has resulted from the audit is that the process of centralizing the structure of ANA has been effective in terms of increasing the number of services, but partially effective in terms of the concentration of human resources and assets. "The process of centralizing the technology infrastructure of Information of AKSHI has resulted in economy, but the results could and should have been higher. Despite all the efforts made, AKSHI has not taken sufficient regulatory and organizational measures for change management. In our judgment, the lack of identification and administration of critical elements in accordance with the provisions of VM no. 673 has made the process of centralization of the structures and infrastructures of the institutions and bodies of the state administration under the responsibility of the Council of Ministers not to be well planned. This process has also influenced the non-maximization of the interaction and cooperation of information systems in relation to the automation and interaction of data" is written in the HSC report.

Problematikat shqetësuese

Një problematikë tjetër shqetësuese për rolin e AKSHI-t është ajo që lidhet me mënyrën sesi ky institucion u jepte zgjidhje incidenteve kibernetike. “Ofruesi i shërbimit (AKSHI) duhet të zotërojë një bazë të dhënash të gabimeve të njohura dhe historikun e incidenteve të mëparshme. Me anë të procedurës së administrimit të problemeve ofruesi i shërbimit (AKSHI) duhet të kryejë analizën e prirjes së informacionit për të identifikuar rrënjët e incidenteve dhe mundësitë për të parandaluar ndodhjen e tyre. Ofruesi i shërbimit (AKSHI) duhet të jetë i disponueshëm për të ofruar shërbim në institucionin përfitues të këtij shërbimi që janë institucionet përfituese. Për plotësimin e këtyre kërkesave thelbësore grupi i auditimit nuk administrojë asnjë dokument që të vërtetonte që këto pika ishin trajtuar. Drejtoritë apo sektorët e TIK të AKSHI-t të atashuar pranë institucioneve i menaxhojnë risqet mbi bazë ngjarjesh. Suporti, mbështetje teknike dhe logjike për operacionet IT kryhen nëpërmjet shkëmbimeve verbale dhe nuk dokumentohen“, shkruhet në raportin e audituesve të KLSH-së. Më tej, në raport, grupi i auditimit e ka konsideruar procesin e qendërzimit të strukturave dhe infrastrukturave TIK në AKSH si një proces dinamik i cili krahas avantazheve paraqet risk të mbartur për sigurinë e informacionit.“AKSHI duke konsideruar procesin e qendërzimit të strukturave dhe Minfrastrukturave TIK në përputhje me VRM 673 datë 22.11.2017 si një proces dinamik të vlerësojë riskun e mbartur që sjell përqëndrimi i këtyre aseteve e burime njerëzore në sigurinë e informacionit dhe marrë masa për minimizimin e tij” përfundonte raporti i KLSH-së. Raporti vlerëson pozitivisht parimin e procesit të qëndërzimit të shërbimeve por vë seriozisht në pikëpyetje seriozitetin me të cilin AKSHI e ka trajtuar këtë proces.

Most read