You are here

  Security
Security

Security: for digital trust

Our work also relies on a good security policy to build digital trust among our users. Because the Administration can only use digital technology optimally if security aspects are guaranteed, we contribute to the development and implementation of security policies for State information systems. In addition, we have a team that is active in research and development (R&D).

Responsiveness, efficiency and rigor underpin our actions. Actions which are essentially based on a good quality policy to offer the best service to our users.

 

Cybersecurity

Digital has experienced a meteoric rise in recent years and is constantly evolving. It has established itself in all areas of activity with a positive impact beyond expectations. However, although technology offers several opportunities, it also presents constraints including risks related to cybersecurity.
Aware of the issues and risks linked to cybersecurity, ADIE has launched various actions, all in accordance with the national cybersecurity strategy (SNC2022) as well as the information systems security policy of the State of Senegal (PSSI- ES) defined in collaboration with the National Cryptology Commission.  
Our department in charge of information systems security coordinates a vast digital trust program, in collaboration with its national and international partners as well as other state structures.

 

The security services portfolio

- Digital identity (electronic certificate)
- Secure infrastructure
- Confidentiality of communications
- Data authentication
- Authentication of people
- SOC / CERT (Operational Response Team)
- Safety supervision and monitoring

 

Safety supervision and monitoring

ADIE supports structures in the study, diagnosis and supervision of all technical and organizational aspects contributing to the security and safety of their information system.
Emphasis is placed on the identification of threats, which is necessary data for the definition of an adequate security process. The different IT security solutions are also reviewed, in particular:

1. Telecommunications and systems security
2. Logical security
3. Application security
4. Operational safety
5. Physical security

 

Product and platform

- An ADIE/SN CSIRT to further secure the administrative intranet
In a context increasingly marked by an upsurge in cybercrime, it becomes necessary to have appropriate prevention and response strategies. This is the whole challenge of setting up the CSIRT ADIE/SN: computer security incident response team.
The ADIE CSIRT office operates on a well-defined perimeter: the administrative intranet.
The team must actively be involved in the management of cybersecurity, in appropriating the necessary knowledge in terms of proactive and reactive management of cybersecurity incidents, in the implementation of the necessary policies for its cybersecurity, or even the implementation in practice of working methods appropriate to a culture of cybersecurity within the administrative intranet.

The CSIRT ADIE/SN is of a mixed type. This is a central team made up of members of ADIE and a decentralized team from stakeholders. Periodic meetings are held for better coordination.

- Key Management Infrastructure (KMI)
In accordance with the regulatory and organizational mechanisms provided for by Law No. 2008-08 of January 25, 2008 on electronic transactions and Decree No. 2008-720 of June 30, 2008 relating to electronic certification, ADIE has a Key Management (IGC) to enable the issuance of electronic certificates to all users of the Senegalese Administration.

- The Senegal Information Systems Security Portal: A reference in cybersecurity
ADIE has set up an Information Systems Security portal (PSSIS), www.pssis.sec.gouv.sn, in order to provide users with all the information necessary to combat cybercrime.

The PSSIS provides users with recommendations and steps to follow to resolve any problems or blockages related to IT. All content published on this platform is studied and tested with the various stakeholders, namely the Administration and IT experts. This demonstrates the reliability of the solutions communicated through this portal.

The portal publishes general information on the state of computer insecurity, the latest news on viruses and digital vulnerabilities and easy-to-address current advice. It offers slightly more detailed technical explanations on how viruses work and how to get rid of them. This information is organized into three sections with three targets: the citizen, the company and the Administration.

The Information Systems Security portal is part of ADIE's awareness-raising approach which aims to equip users with the knowledge necessary to deal with cybercrime.

 

Service scope

1. Registration of users or IT equipment for obtaining certificates;
2. Generation of certificates: SSL server, personal (authentication, signature or encryption),
3. Renewal of certificates;
4. Revocation of certificates;
5. Publication of certificates;
6. Archiving, escrow and recovery of encryption keys.
7. Integration of signature into already developed applications
8. Secure server-based centralized signing services

 

Subscribe to our newsletter