For many years, Tunisia has placed the fight against computer insecurity among its main national priorities and is now one of the central pillars of the knowledge economy building.
As part of this approach, public authorities implemented a sustained national policy that allowed achieving encouraging results in this field.
Progress made that helped include Tunisia among the leading nations in this field has been achieved thanks to a political will regularly reaffirmed and developed, to the multiplication of efficient training actions training, to strengthening the legislative and regulatory framework and especially to the real impact of outreach campaigns conducted regularly by the various stakeholders in the sector of computer security, especially since the creation of National agency for computer security(NASC).
Belhassen Zouari, NASC Director General highlights the role of the agency and reviews the main risks the Tunisian market is facing. Interview:
What is the role of NASC?
NASC is the executive agency tasked with implementing the national security strategy in Tunisia. Founded in 2004, it aims to promote the protection mechanisms and develop audit programs to confer the required efficiency to training and refresher training computer security.
The aim is to address the vulnerabilities and cyber attacks inherent in the use of ICTs in economic and social activities.
When achieving these tasks, ANSI has focused efforts on ensuring the security of computer systems and networks by strengthening the level of security of Tunisian computer systems and improving the quality of online services to help reduce the number of attacks and limit fallouts.
NASC also focuses on detecting cyber attacks that threaten the components of the national cyberspace by developing the SAHER (ALERT) plan and lodging a network in major domestic companies, in addition to monitoring the implementation of programs relating to computer security in the public sector and coordination between the different actors in the cyberspace.
NASC’s efforts also aim to carry out audit operations and provide technical support in order to consolidate security by means of relevant studies, plans, specifications, technical guides, etc…
What other duties and assignments performed by NASC?
Are also scheduled the use of e-mail, conducting technical audits of sensitive websites, the follow-up of mandatory and periodic operations within governmental and public institutions.
Regarding the issues of alertness, training, further training and education, ANSI has contributed to consolidating training, developing national solutions to computer security and raising awareness among the different stakeholders involved in the risk of ICT usage.
For instance, the Agency informs users of various risks and serious viral attacks, provides specialized technical guides, brochures and popularizes information about security tools. ANSI has conducted awareness campaigns nationwide to spread knowledge of its activities, the rules governing security data and legislation concerning the obligation of relevant audit missions.
Among other tasks achieved by the Agency in association with stakeholders (scientific research institutions, private sector) are the development and promotion of national solutions in the field of computer security, according to national priorities and programs set by the Agency in this field. The aim consists in creating synergy between researchers and operators in the private sector to establish a frame of reference in the field of Information Systems Security (ISS).
What type of communication strategy NASC is developing now?
NASC has not really a well-structured communication strategy. It is rather a variety of actions aiming at raising awareness over perils related to using computer targeting the general public up to 75% and professionals (engineers, bankers, accountants, lawyers, journalists,) by 25%.
In fact, the NASC program is to inform young people, who are the main target of the general public and represent roughly 45% of the total.
Ilham & Nadia