15 Jan 2009
Nearly three-quarters of the Ministry of Defence's (MoD's) IT systems examined as part of a Whitehall data handling review do not meet the required security standards.
In June, the Cabinet Office released new guidelines for government departments after a series of embarrassing public sector data losses.
Since then government departments have been testing their systems against the standards. So far the MoD has tested 58 per cent of its IT systems against the standards.
"Of these, 27 per cent of systems are classed as fully accredited and are being operated in a manner within the MoD's senior information risk owner's risk appetite," said defence minister Bob Ainsworth in the answer to a parliamentary question.
Another 31 per cent of systems tested are currently classed as having conditional or interim accreditation, with constraints placed on the operation of the system to ensure that risks are adequately managed.
This article is particularly apt with the US preparing for the inauguration of Barack Obama as President on January 20th, where more than 3,300 staff in and around the White House will see their existing employment contracts come to an end.
With a new generation of staff joining the ranks, being rehired and redeployed, the process creates a massive IT and data security project. For the central legislature and the various government departments the task ahead is to ensure that access to IT systems and sensitive data is withdrawn from outgoing staff and enabled for incoming staff.
The staff changes in Washington DC mirror the staff upheaval that could take place here following the next British election, with MPs losing and gaining seats while civil servants, advisors and contractors face redeployment and replacement by a new government.
As illustrated by data losses at HM Revenue and Customs and the Ministry of Defence, authorised IT users cause more damage than hackers, making employees and contractors with legitimate access to applications and databases by far the most serious threat to information security.
According to a 2008 report by the US Secret Service and Carnegie Mellon University titled Insider Threat Study: Illicit Cyber Activity in the Government Sector, more than 85 percent of incidents were committed by staff with authorised access to IT systems, and 69 percent of the time access control gaps helped the insider abuse the system.
Organisations need to prioritise access assurance to protect their data from internal vulnerabilities just as much as, if not more than, they focus on hacking or other external threats. Government in particular has a responsibility to its constituents to deploy technology that tracks the changes to employee access and helps ensure the security of sensitive data.
Posted by: Stuart Hodkinson, general manager UK for Courion 19 Jan 2009