Security firms will undertake an IT security examination on behalf of the Federal Tax Ombudsman (FTO) Dr Asif Mahmood Jah, as it was in the recommendations from the FTO catering to the Federal Board of Revenue’s Information Technology Wing (IT-Wing).
Following the FTO’s discovery of systemic vulnerabilities in the security of taxpayers’ private and classified data, they have asked the FBR to adopt security policies and infrastructure and implement international standards to secure the FBR website from further cyber assaults.
In a groundbreaking investigation, the FTO discovered that the FBR Web site was hacked and that the PRAL had not properly fulfilled its responsibilities.
The FTO Dr Asif Jah found that FBR/ PRAL does not use any software to manage its Network Security policies, and that FBR has filed a false/wrong statement regarding the system disrupted period, which is also contrary to the Finance Minister’s stance and using expired certificates, according to details in a public interest complaint filed by tax lawyer Waheed Shehzad Butt.
This analysis, according to an FTO directive, illustrates how FBR and PRAL officials failed to carry out their tasks because of a combination of negligence, inattention, tardiness, incompetence, and outright idiocy. There is a significant gap in the PRAL data centre’s security since it lacks an Instruction Prevention/Intrusion Detection system. Besides failing to meet a legitimate international standard, the PRAL data centre’s certification was set to expire in December of that year and thus no longer valid.
According to Waheed Shehzad Butt, a cyber assault on FBR/critical PRAL’s databases, websites, and data centres might impair the state’s ability to protect itself.
According to the FBR, the “PRAL has enhanced ‘ISMS’ rules and processes in place of the ISO 27001 framework. Because of the procurement process that has already begun, they are still awaiting security infrastructure.”
SIEM is part of the security infrastructure procurement process that has already begun. PRAL plans to install SIEM in its data centres after the procurement process is complete, resulting in improved security measures. For the next three years, the FBR (IT Wing) has hired a respected security firm to undertake a security assessment of its data centres. The FBR Data Centres will be ISO-27001 accredited when the audit is complete.
Works at The Truth International Magazine. My area of interest includes international relations, peace & conflict studies, qualitative & quantitative research in social sciences, and world politics. Reach@ [email protected]