Hello,
I read the paper about "Cyber security: Threats, Vulnerabilities and
Countermeasures - A Perspective on the State of Affairs in Mauritius"
which was presented at the Proceedings of the Second International
Conference on Data Mining, Internet Computing, and Big Data, 2015
(ISBN: 978-1-941968-13-0). I have some comments about the paper.
The title of the paper mentions the "state of affairs in
Mauritius". The only reference to security-related information about
Mauritius is "K. Usmani, '"An Enhanced Framework For Incident
Handling," CERT-MU, Port Louis, 2014'. I am curious about whether
the authors have reviewed that document. There is a review at
http://www.elandsys.com/~sm/cert-mu-improved-framework-incident-review.html
Section 6 states that "The security system in Mauritius is quite
robust and redundant but there still some issues to be taken under
considerations". The paper states that "The ISMS under the Ministry
of Technology, Communication and Innovation (MTCI) is a set of
policies concerned with information security management or IT related
risks". Do the authors of the paper consider that those policies are
reliable given that the Government of Mauritius lost its domain name
(
http://www.elandsys.com/~sm/gov-mu-domain-name-for-sale.html )?
Section 6.2.2 states that "There are around 10 sites of the
Government that are presently implementing their ISMSs". Is there a
reference for that?
Section 6.4.4 states that "66 e-Services are online for the Citizen
of Mauritius to interact with the Government anytime, anywhere and in
real time". Is an online PDF form considered as an "e-service"? Are
there any statistics to show that citizens of Mauritius are able to
interact with the government "anytime, anywhere, and in real time"?
The Conclusion Section states that "To meet the security challenges
of tomorrow, we must enhance our capacity to identify, research, and
react to cyber-attacks today". My reading of the paper is that it
neither demonstrates that there is a security or threat to Mauritius
nor does it show that there are security challenges in Mauritius. It
is puzzling that the authors have reached such a conclusion. The
paper states that "the establishment of a National Cyber Security
Committee is considered crucial". If everything is rosy as the paper
suggests, why do the authors consider establishing such a committee as crucial?
Regards,
S. Moonesamy
Received on Sun Jul 12 2015 - 03:24:12 PST