Story: Government at a loss over data security
CDs with data
There is no need for data between government departments to be transferred by CD. There is a network called the GSX, which is a secure intergovernmental network for the secure transfer of information. Why is this not getting used?
The main problem is there do not seem to be any standards enforced in government. Rather than getting ISO 9000/9001, government goes for a meaningless Charter Mark certification. Also, most don't have BS 7666. If they had both of these in place and set up properly, then these issues would not arise.
The main problem is lack of understanding of IT systems and how they work. To analyse data from a database you do not need to take it off the database and store it locally.
The solution to this problem is to bring all IT systems and staff back into government and train staff properly, with fully documented procedures on how tasks should be undertaken. If the task is not documented, then the information security officer should be consulted so that a proper procedure can be established.
All staff should be aware of these procedures, and any failure to follow procedure should be dealt with by two strikes and then you're out, i.e. get caught doing something not in the procedures and you get a warning and are sent on training. If you do it again, second warning and sent on more training. Do it a third time and you get the sack.
It's not rocket science, it's just good practice.





