140 likes | 479 Views
Welcome to Fife Council David James IT Lead Officer (Security/Risk/Continuity) Fife Council Third largest Local Authority in Scotland 507 square miles 360,000 population 23,000 employees (270 IT Staff) Nearly 500 networked offices Unitary Authority Co-terminus with NHS, Police and Fire
E N D
Welcome to Fife Council David James IT Lead Officer (Security/Risk/Continuity)
Fife Council Third largest Local Authority in Scotland 507 square miles 360,000 population 23,000 employees (270 IT Staff) Nearly 500 networked offices Unitary Authority Co-terminus with NHS, Police and Fire
Business Change • Transformational Government – Enabled by Technology (Nov 2005) • 120 Mission Critical or High Risk IT enabled project • National IT Systems • Shared Services
Fife Council Big 8 Objectives Energetic agenda to improve Fife Council (3 examples) • Improve Educational Attainment • Making Fife the Leading Green Council • Making Fife a top performing Council
Data Security Right Data – Right Place – Right Time Hardware – Software – Wetware
Mobile Devices Not - Any Data – Any Place – Any Time • Value of the laptop and pen drive
Value – Business Issue • Value of the data • £1m fine for loss of 11m customer records • Information Commissioners Office
www.ico.gov.uk September 08 Sep 09 - NHS Education for Scotland to improve security after details on medical training applicants are stolenNHS Education for Scotland (NES) has agreed to improve data security after it informed the Information Commissioner’s Office (ICO) of a data breach involving the theft of an unencrypted laptop containing the personal information of 6377 applicants for medical training positions. 04 Sep 09 - Sandwell MBC agrees to improve security after losing information on children in its careSandwell Metropolitan Borough Council has agreed to take action to comply with data protection principles and has signed an Undertaking to assure the Information Commissioner’s Office (ICO) that personal data will be kept securely in future. 03 Sep 09 - Wigan Council improves security after details on most school children are stolenWigan Council has agreed to take action to comply with the Data Protection Act after the theft of a laptop computer containing personal information relating to approximately 43,000 children and young people. The laptop included personal details on most children and young people in Wigan’s schools. The information had been downloaded on to the laptop in breach of council policy. Although the laptop was stored in a locked office, the data on the device was not protected as the laptop was not encrypted.
Web sites www.ico.gov.uk www.itspublicknowledge.info
Physical/Electronic Physical and electronic • Building Security • Printing – more buttons • Protective marking
New Challenges New issues • Web interfaces/Web based applications • Virtualisation • Mobile Devices – phones/blackberry’s Building the right IT Infrastructure
COBIT www.isaca.org
Information Security Standard ISO 27001 – Information Security • Risk Assessment • ISO 27001 Gap analysis Security Testing • Penetration testing • PCI-DSS National Technical Authority for IA www.cesg.gov.uk