The Auditor General of Pakistan (AGP) raised on Sunday concerns over data security at the Directorate General of Petroleum Concessions (DGPC), the authority responsible for issuing oil and gas exploration licences in Pakistan.
DGPC lacks proper data security policies: Report
According to the audit report, the organisation lacks proper data security policies to protect sensitive information. The report stated that there are no clear policies for data access, encryption or change management. The AGP said that the absence of adequate measures to protect sensitive information, raising concerns over increasing cyber security risks. An additional authentication system has also not been introduced.
Lack of automated monitoring limits DGPC to detect cyber attacks timely
The report said the lack of automated monitoring limits the organisation's ability to detect cyber attacks in time. It adds that the failure to encrypt technical data increases the risk of sensitive information reaching unauthorised persons.
Data encryption's absence can lead to data leaks
According to the audit report, the absence of data encryption could lead to data leaks and compromise the information system. Weak cyber security controls have also exposed the system to security risks. The report further notes that financial information in the management system has not been updated on time.
The audit identified serious shortcomings in the monitoring of companies' financial information and the maintenance of accurate records. It said that the organisation's software is unable to provide complete oversight of companies' projects. The report added that the lack of an effective transcription quality assurance system could affect technical records.
Moreover, the report stated that there is no effective monitoring of the submission of technical data, including 2D and 3D seismic survey information.
Audit report recommends introduction of multi-factor authentication
The AGP recommended the introduction of multi-factor authentication to reduce information security risks. The report also calls for immediate improvements to data protection, access controls and log monitoring systems, and says the DGPC needs stronger cyber security and governance measures.

.jpg&w=1920&q=75)






