ROLE OF ICT AUTHORITY WITH RESPECT TO INFOMATION SECURITY

With the enactment of the ICT Act 2001, the Electronic Transactions Act, the Computer Misuse and Cybercrime Act and Data Protection Act, the legal framework for the deployment of the IT- related regulatory functions has been adequately set.

It is within this framework, that ICT Authority’s position with respect to Information Security is defined. ICT Authority’s role within this context is to enforce Information Security through its related functions defined in the ICT Act 2001 under section 18 (1) which are as follows:

• Regulate protection and security of data;

• Take steps to regulate or curtail the harmful and illegal content on the Internet and other information and communication services;

• Ensure the safety and quality of every information and communication services including telecommunication service and, for that purpose, determine technical standards for telecommunication network, the connection of customer equipment to telecommunication networks;

• Authorise or regulate the registration, administration and management of domain names for Mauritius;

• Act as Controller of Certification Authorities

As an ICT regulatory body and not only a telecommunications regulatory body, we need to take into account issues of consolidation of regulation across sectors that are converging, such as telecommunications and IT. There is, therefore, a very real need to bring regulation up-to-date in light of the convergence of information and communications technologies. Convergence raises new issues that require regulation, such as legislation governing computer security and encryption for e-commerce, data protection, copyright laws and intellectual property rights issues.

This, in turn, implies the implementation of appropriate projects by the ICT Authority, which are compliant with the ICT Act 2001. These projects are geared mainly towards the setting up and running of an enabling infrastructure for ICT service providers to operate in a secure and reliable environment.

OVERVIEW OF THE ELECTRONIC TRANSACTION ACT 2000 OF MAURITIUS

• Objective of the Act is to establish the legal infrastructure necessary to implement secure e-commerce and e-governance services and to promote public confidence in the integrity and reliability of electronic records and electronic commerce.
  
  
• The Act defines terms “asymmetric crypto system”, “certificate”, “certification Authority”, “digital signature”, “electronic record” “information” “key pair”, “repository”, etc.
  
  
• The Act gives legal recognition to digital signatures. Like written signatures, digital signatures can be used to establish the identity of the person who "signed" the document. A digital signature is also used to guarantee that the "signed" electronic document has not been altered or tampered with.
  
  
• The Act also describes cyber offences and the corresponding punishment.

INFORMATION SECURITY BASICS

• Information security means safeguarding the confidentiality, integrity and accessibility of information by implementation of suitable administrative and technical measures to achieve the set targets.
  
  
• Confidentiality means that information is accessible only to persons, processes or devices.
  
  
• Integrity means that the information is free from error, alteration or corruption.
  
  
• Availability means that the information and its processing mechanisms are always available to those who have the right of access.