|
 Draft operational guidelines of digital india land records modernization programme (dilrmp) introduction
|
| səhifə | 13/92 | | tarix | 19.06.2023 | | ölçüsü | 3,17 Mb. | | #117879 |
| Final Draft Revised Guideline of DILRMP with manual13. CHOICE OF SOFTWARE AND STANDARDS
13.1 Based on the process and functionality requirements, user-friendly application software for capturing, editing and updating land records textual data, integration of textual data and maps, registration system workflow, integration of registration with mutation, and proper authentication mechanism using digital signature/public key infrastructure (PKI), etc. may be required by the States/UTs.
13.2 In order to have uniformity, standardization and integration, the software development and software maintenance support may be provided by the NIC, which may set up core development teams consisting of IT and GIS experts at the Central level, supported by State/UT-level teams for software customization, technical coordination and State/UT-wide support. While it will be open for the users to select the operating system for their client machines—Windows-based or Linux-based, but in so far as the server machines are concerned, open-source platforms that implement mandatory access control policies are preferred. A write-up on the choice of software and standards, prepared by the NIC, is given in Chapter-4 of the Technical Manual.
14. DATA SECURITY
14.1 Assuring security and effective performance
The Integrated Land Information Management System (ILIMS) gives rise to new concerns and new functions that need to be properly understood and addressed. These concerns relate to security of information system assets and data integrity. One important information system function, therefore, is asset safeguarding and data integrity. At the international level, two sets of standards have been codified by the International Organization for Standardization (ISO): one is the ISO/IEC 27001, also called the information security management system (ISMS) standard of 2005; the other is ISO/IEC 27002:2005, a codification of practices for information security management. The ISO/IEC 27001 (earlier called ISO/IEC BS-17799) lists the standards required from any management in implementing information system security function. This lays down standards for the management to perform four core functions: planning--determining the goals of information systems function and the means of achieving this goal; organizing--gathering, allocating and coordinating the resources needed to accomplish the goals; leading--motivating, guiding and communicating with personnel; and controlling--comparing actual performance with planned performance as a basis for taking any corrective action that may be needed. This also deals with management processes: plan-do-check-act (PDCA) model. The ISO 27002 lists the security controls (such as password controls). The two standards, together, imply that unless the management itself is serious about security and goes about doing it in a systematized way (ISO/IEC 27001), no amount of technical controls (ISO/IEC 27002) would suffice. Extracts from the report of the Committee of Revenue Secretaries on CLR, covering the Information Security Requirements and Authentication Mechanism are at Technical Manual Chapter-5 (Section-A).
Dostları ilə paylaş: |
|
|
