1. The Department of Justice and Constitutional Development (DoJ&CD) has implemented a wide range of security measures within its information processing environment, intended to prevent any unauthorized access to and/or use of sensitive information and ensure that the confidentiality, integrity and availability of personal information remain protected. These security measures are categorized into two (2) groups as follows:
a) Managerial controls, including a set of approved, published and implemented information security policies, standards, procedures and guidelines. Awareness of the existing information security policies and cybersecurity risks within our information processing environment is proactively and regularly being promoted amongst DoJ&CD’s users to ensure positive security behaviors and adherence to prescribed rules.
b) Technical Controls – In addition to the native security features provided by our systems and platforms, we have deployed a set of automated security tools and processes to improve our defensive capabilities and safeguard our ICT infrastructure and systems. These technical tools enable us to effectively restrict and control access to our ICT systems, applications and services, to manage vulnerabilities, and to proactively monitor, protect against and respond to security threats and incidents. We have also deployed disaster recovery capabilities to ensure continued availability of business-critical information in case of any adverse event impacting DoJ&CD’s services. Technologies that are currently implemented include:
a) In addition to the already implemented security tools, the Department has, post the ransomware, enabled the following additional security measures:
(i) Zero Trust Network Tool – The Zero Trust Network Access Tool will help the Department to provide secure remote user access to applications and services based on defined access control policies. The tool defaults to deny, providing access only to the services that the user has been explicitly granted. With this Zero Trust Network Tool, access is established only after the user has first been authenticated to the tool. The tool then provisions access to the application on the user’s behalf through a secure, encrypted tunnel. This provides an added layer of protection for the Department’s applications and services by shielding otherwise publicly visible Internet Protocol (IP) addresses. With this solution, users will only see applications that they have access to. This tool is to replace the current VPN tools, which grant complete access to all applications.
(ii) The Department also implemented a tiered administrative model on Active Directory, which will help the Department to better secure its ICT environments. The model defines three (3) tiers that create buffer zones to separate administration of high-risk PCs and valuable assets like domain controllers.
(iii) We have also reviewed and/or enhanced our security policies on all our security appliances to safeguard against future security attacks.
b) Going forward, the following technologies are to be implemented to further enhance the security of the ICT environment:
(i) Cyber Security Operations Centre (CSOC) will be implemented in the 2022/23 financial year.
CSOC is a centralized function within an organization employing people, processes and technology to continuously monitor and improve an organization’s security posture while preventing, detecting, analyzing and responding to cybersecurity incidents. CSOC will act like the hub or central command post, taking in telemetry from across the Department’s IT infrastructure, including its networks, devices, appliances, and information stores wherever those assets reside. The proliferation of advanced threats places a premium on collecting content from diverse sources. Essentially, the CSOC will be the correlation point for events logged within the Department. This will be implemented by way of a hybrid model using existing tools aggregated on one platform.
(ii) External Penetration Testing.
Discussions and planning had already commenced with some of the industry partners in terms of providing comprehensive external penetration testing, with the aim of identifying any gaps in our security environment. This process is expected to be finalized by the middle of the year, and to be completed annually going forward.
2. Where the Master of the High Court and the High Court share the same building, each operates independently as the Master’s Office falls within the ambit of the DoJ&CD and runs on the DoJ&CD Virtual Private Network (VPN), whereas the High Court falls under the ambit of the Office of the Chief Justice (OCJ) and runs on the OCJ VPN.