Overview
Due to the growing technology and access to internet and social media, NCA offers national trusted points of contact for information security matters for both the government and citizens. The Authority also issues advisories on cybersecurity matters and coordinates cyber incident response in collaboration with relevant actors locally, regionally, and internationally.
It further provides capacity building in Information Security, creating and maintaining awareness on cybersecurity-related activities to the citizens of South Sudan, the government, and other stakeholders.
Through its CERT (Computer Emergency Response Team) — a stakeholder team composed of professionals from the law enforcement agencies, private sector, judiciary and the public — the Authority works to protect all internet users in the Republic of South Sudan. Additionally, the Authority tracks and addresses all internet crime accordingly in order to regulate internet violation.
With the help of Digital Forensics, the NCA provides digital evidence for cybercrime and this is done with complete adherence to human rights policies both locally and internationally. The code 202 is the Public Call Center for receiving cybercrime inquiries.
Information Security
The Information security sub-unit under the Technical Department is led by information security auditors, whose task is placed at the forefront to ensure all ICT provisions stipulated in the National Communication Act 2012, are timely and fulfilled.
Duties of the Information Security Auditors
- Audit the internal system to ascertain the security posture of the Authority, and share findings of audits with management for informed decision making.
- Contain and mitigate incidents that involve security breaches, for instance: data theft, unauthorised access to institution resources, and malware involvement.
- Perform professional analyses and scrutinise security policies to determine possible threats to the National Communication Authority.
- Register new organisation assets by assigning tag numbers, and confiscation and disposal of outdated assets—possible weak links to the security system.
- Plan, implement, monitor, and upgrade security measures for the protection of the Authority’s data, system, and networks.
- Perform regular audits, test applications, and evaluations from which informed recommendations, reviews can be made.