Financial Crime World

Here is the converted article in Markdown format:

Audit Reveals Bhutan’s Cybersecurity Efforts in Need of Improvement

============================================================

Kuensabling, Bhutan - A recent performance audit by the Royal Audit Authority (RAA) has highlighted concerns over the Kingdom of Bhutan’s preparedness for cybersecurity. The audit, conducted from April 2016 to December 2022, examined the country’s efforts to ensure a safe, secure, and resilient cyberspace.

Audit Objectives and Scope

The audit objectives were:

  • To determine the appropriateness of the cybersecurity program/system in the country
  • To identify critical information infrastructure systems
  • To examine whether security measures are implemented

The audit scope covered six thrust areas:

Thrust Areas

2. Institutional Framework

3. Cybersecurity Governance

4. Capacity Building and Awareness

5. Risk Assessment of Identified Critical Sectors

6. Incident Handling Mechanism

Audit Findings

The RAA applied a system-oriented approach to review current legislation, regulatory frameworks, cybersecurity governance, identification of critical infrastructure, compliance with relevant laws, and the capacity to ensure cybersecurity. The audit found that while some progress has been made, there are still significant gaps in the country’s cybersecurity preparedness.

Concerns Identified

  • Lack of comprehensive legal framework for cybersecurity
  • Inadequate institutional arrangements
  • Insufficient capacity building and awareness among stakeholders
  • Critical infrastructure systems have not been adequately identified and security measures are not being implemented effectively

Recommendations

The RAA recommends that the government takes immediate action to address these issues, including:

Immediate Actions Required

  • Developing a comprehensive legal framework for cybersecurity
  • Strengthening institutional arrangements
  • Increasing capacity building and awareness among stakeholders
  • Establishing an effective incident handling mechanism to respond to cyber threats

Conclusion

The audit findings highlight the urgent need for Bhutan to strengthen its cybersecurity preparedness to protect against growing cyber threats. The government must take immediate action to address these issues to ensure a safe, secure, and resilient cyberspace in the Kingdom.