In association with heise online

27 June 2008, 10:56

Cabinet Office publishes review of data security


In the aftermath of several high-profile information leaks, the UK Cabinet Office has published its own review of government data handling procedures. Unlike the independent reports just released, it does not discuss existing failings, but is entirely forward-looking. It makes specific recommendations, including changes to the way personal data is classified for security purposes, using such data at source instead of making transfers or copies, using secure electronic transfer where necessary, and ensuring portable media are encrypted if used. New controls are also proposed for the secure disposal of both paper and electronic data, and increased use of independent penetration testing and systems accreditation is recommended. At least in some departments, annual security training is mandated.

Most of these are rather obvious basic security measures that should have been in place long ago. But how effective this review will prove in putting them into operation remains to be seen. Investigation of recent breaches suggests that policies existed in many cases, but were not rigorously followed. The report does discuss the need for stronger accountability, but that is unlikely to be accomplished within the four-month timescale proposed by the Cabinet Office.

A major weakness of the report is its exclusive emphasis on personal data, although not explicitly within the terms of the Data Protection Act. But the real problem is much wider: it was, after all, the Cabinet Office that recently allowed top secret intelligence documents to be left on a train.


(mba)

Permalink: http://h-online.com/-736315
 

