Are MoD as bad as the rest of government?
Ian Batten
ukcrypto at chiark.greenend.org.uk
Mon, 21 Jan 2008 20:10:47 +0000
http://www.mod.uk/DefenceInternet/DefenceNews/DefencePolicyAndBusiness/BrowneAnnouncesReviewOnModInformationSecurity.htm
I've always assumed that even if government are busy cocking things up
in the civilian areas, the MoD would at least Have Some Clue. It
would appear that they can't organise keeping data safe either.
> The Defence Secretary then set out the further actions he had set in
> train:
>
> • He had asked Sir Edmund Burton to conduct an independent review
> of the circumstances which led to the systemic failures.
> • He had appointed, with immediate effect, a senior dedicated Data
> Protection Officer, to ensure MOD practices and procedures are at
> the highest possible standard.
So, as of now, the MoD doesn't have a data protection or information
security head. Who approves security systems?
> • He had made the MOD's head of security the sole authority for
> granting security accreditation for IT systems, so that in future
> any issues or doubts about the efficacy of security measures are
> raised to the highest level in MOD Head Office
So how was it done prior to today? Ad hoc?
> • He had directed the MOD to continue to engage in the Cabinet
> Office-led review of data security, following the earlier loss of
> personal data by HM Revenue and Customs.
Why weren't they involved before?
> • He had initiated an internal review by MOD IT security experts of
> all IT systems in use throughout MOD and the Forces to make sure
> that no other systems are at risk.
Don't they do regular management reviews of their ISMS?
ian