NADRA already enforces information security standards and policies and employs information security-certified specialists, it said, but the new information security department will centralize all efforts. NADRA chairman Tariq Malik will head up the effort.
The primary approach to infosecurity will involve proactive means of protecting citizen data stored in the National Data Warehouse “to ensure that confidentiality, integrity and availability of data lie at the heart of the systems, policies and procedures that govern the transmission of data,” NADRA said. To that end, NADRA is monitoring for trends and behavior that may be suspicious, and has deployed new technology tools to safeguard citizens against identity theft and to protect documents against alteration and forgery.
The information security department also will perform periodic penetration testing, data center security audits, network security audits and physical security assessments. Each and every transaction in ID card processing is recorded, logged and can be traced.
When it comes to internal security, NADRA announced that it has achieved CMMI Maturity Level III from the US-based Carnegie Mellon Software Engineering Institute (SEI), after appraisals of project management, technology, development and quality management.
An ISO 27001-certified directorate, the NADRA network department has adopted a wide range of security procedures, including physical security, firewalls, intrusion detection and prevention systems, syslog servers, anti-virus and anti-spam tools, and a network protocol analyzer.
NADRA also recently announced that it had registered 92 million citizens with their biometrics.