Peruvian Congress

After the adoption of the electronic vote by the Peruvian Congress, this issue is giving much to talk about, but I see opinions from various sectors which in my personal opinion do not see the topic complete but only partial and sometimes uninformed. To start I think that it should clarify that it is not only a technical issue, electronic voting is not only connectivity and computer equipment, but it is actually a process is the heart that has not been touched that it is speaking of the electoral process itself. As all process must be analyzed and treated as such, including its sub processes and infrastructure and support the same tools. THE issue of security is key, however it is a process should be treated as such and for this an excellent tool is ISO/IEC 27001: 2005. On the subject of security has been said of hackers, modification of information, manipulation of results, audit software, etc. It should however be seen from the point of view of integrity, availability and confidentiality of information relating to the electoral process. Beginning by defining management system and everything which involves (qualified analysis of risks, liabilities, assets, personal identification, incident management, auditing, etc) and to provide the necessary confidence, based on policy and management system to implement annex to the standard controls, so for example: the theme of associated personnel (Board members, auditors, evaluators, ombudsmen, etc.) should be based Annex A.8 controls security of human resources where the topic is touched and its controls. The issue of where will be located modules and minimum in the processing center as well as the voting locations safety main are touched by the physical and environmental security A.9 the subject of access by A.11 Access Control the issue of software by the A12 acquisition, development and maintenance of information but must also take into account the A.13 on incident managementA14 on business continuity, etc on end must be in base to the scope of management system of information security which is pointed, associated annex to the standard controls should be evaluated and that would be enough to guarantee and to reassure Peruvians that the election process this properly care.

Tags:

Comments are closed.