Perform regular vulnerability assessment and penetration testing

• Preventive maintenance: government institutions should plan and perform IT infrastructure vulnerability assessment and penetration testing at least once a year.
• Incidence response: government institutions should be prepared to mitigate or to respond as quickly as possible to a cyber-incident, which can hit the organization. A proper disaster recovery plan should also be put in place to insure business continuity while recovering from such an incident.