Government ministries, departments, and other public sector organizations will be required to comply with mandatory timelines for reporting cybersecurity incidents under the proposed Pakistan Information Security Framework (PISF).

The framework introduces mandatory reporting requirements for verified cyber incidents, establishes standardized incident management procedures, and defines responsibilities for organizations responsible for protecting government information systems.

According to the proposed framework, organizations designated as Critical Information Infrastructure (CII) must immediately report verified cybersecurity incidents to their respective sectoral regulators, Computer Emergency Response Teams (CERTs), and the national CERT after an incident has been verified.

A detailed incident report must then be submitted within 72 hours.

Organizations that are not classified as Critical Information Infrastructure must report all verified cybersecurity incidents to the relevant sectoral regulator or CERT within 120 hours.

The framework also requires every organization to develop a comprehensive cybersecurity incident management policy covering preparedness, detection, response, mitigation, reporting, recovery, remediation, and lessons learned.

Organizations must classify cybersecurity incidents based on their severity and impact, establish clearly defined response roles and responsibilities, and manage incidents through an approved response framework that assigns ownership and accountability throughout the incident lifecycle.

To improve preparedness, organizations will be required to maintain incident readiness through adequate resources, trained personnel and regular mock exercises.

According to the framework, these drills should identify weaknesses in response procedures, improve operational readiness, strengthen management oversight, and enhance organizations’ ability to respond effectively to cybersecurity incidents.

The framework also recommends assessing the need for Security Operations Centres (SOC), Security Information and Event Management (SIEM) platforms, and other security monitoring solutions.

In addition, organizations will be required to document lessons learned after every cybersecurity incident and implement corrective measures within defined timelines to prevent similar incidents from recurring.

The proposed framework also links incident response with business continuity and disaster recovery planning by requiring organizations to establish recovery objectives, conduct annual continuity exercises, and maintain documented procedures for communication, recovery, and restoration during cyber emergencies.

Get the latest tech news, telecom insights, and product launches wherever you prefer.

Add ProPakistani to Preferred Sources and see more of our stories in Google Search and Top Stories.

Shares