National Information Assurance Strategy: New challenges, new responses
Owen Pengelly
Microsoft Public Sector Conference
30 September 2009

Agenda
• Reminder: National Information Assurance Strategy 2007
• Changing times
• “Events, dear boy”: data losses (and data handling)
• What & why
• How we are doing
• Public service reform… and economics
• New approaches: Digital Britain and Cyber Security
• Response: HMG ICT Strategy
• Whither the NIAS?
Reminder: National IA Strategy 2003 & 2007
• Vision: A UK environment where citizens, businesses and government use and enjoy the full benefits of information systems with confidence
This requires:
• Clear and effective information risk management by organisations
• IA standards that are complied with and meet the challenges posed by rapid change in ICT (e.g. shared services)
• The capabilities to support delivery of IA (e.g. both products and people)
• Applies to Central Government, wider Public Sector, supply chain, et al

1 Events: Data Handling Review
• DHR commissioned by the Prime Minister in response to high profile data losses in 2007
• Focuses on personal data
• Final Report June 2008
• 22 Mandatory Minimum Measures
• Key issue for Cabinet Secretary
• Suppliers – Intellect Government/Industry Board (ISAB)
• Top 200 Organisations need to achieve a culture that underpins the safe use of information, both when planning business and operating it - DHR
How are we doing? INDICATIVE ANALYSIS
DHR: what does success look like?
• Leadership and Governance
  • ownership of Information risk at Board Level
• Training Education and Awareness
  • all staff receive ongoing, targeted training – information treated as valuable business asset
• Information Risk Management
  • not just a challenge for the IT department
• Through Life IA Measures
  • IA built in at outset
• Assured Information Sharing
  • risk ownership established and addressed
• Compliance
  • meet IA/SPF requirements as appropriate & gain delivery chain assurance throughout the public sector and beyond

2 Public service reform… and economics
• Renewed imperative to transform Government and public services
• Working Together: Public Services on Your Side
• KIM Strategy
• Power of Information Agenda
• More with (lots) less: OEP

3 New approaches (and new allies): Digital Britain and Cyber Security

Responses to these challenges
• HMG ICT Strategy & IA component
• Refreshed National IA Strategy
UK Government ICT Strategy... A pictorial view
DRAFT - NOT HMG POLICY
[Diagram; labels shown:]
• Better value and performance from all parties - supplier management, 2-way assessment & collaborative procurement
• Technical Standards and Architecture
• International Alignment/compliance
• Information Security and Assurance
• Green IT Strategy
• Open Source, Standards, Reuse: Common standards, greater reuse, less procurements, lower cost, greater innovation
• Data Centre Strategy: Rationalise, utility service, reduce cost, increase resilience, and capability
• Shared Services: building once, using many – sharing front middle and back office systems and services and moving applications to the Government Cloud (“G-Cloud”)
• Government Secure “Cloud” G-Cloud
• Shared Services/Systems, “Tell us Once”: Simplified, standardised, Available to all
• Public Sector Network: Rationalise, standardise, a “network of networks”, greater capability, secure, lower price. Fixed and mobile
• Common Desktop Strategy: Simplify, standardise, common models, commoditise, greater capability, lower price.
UK Government ICT Strategy... 14 strands of activity
DRAFT - NOT HMG POLICY
1. The Desktop Strategy: Simplify, standardise, common models, commoditise, greater capability, lower price
2. The Public Service Network (PSN) Strategy: Rationalise, standardise, a “network of networks”, greater capability, secure, lower price. Fixed and mobile
3. The Data Centre Strategy: Rationalising data centres, creating the “fifth utility”, reduce cost, increase resilience, and capability
4. Open Source, Open Standards and Re-use: Level the playing field. Greater reuse, less procurements, lower cost, greater innovation
5. Government Cloud (G-Cloud): The “fifth utility”. Rationalisation of ICT estate, greater speed to outcome, reduced cost, increased capability and security
6. Government Application Store: Faster procurement, greater innovation, faster speed to deliver outcomes, reduced cost
7. Green IT Strategy: Sustainable, more efficient ICT at a lower price
8. Information Security and Assurance Strategy: Protecting data (citizen and business) from self harm and the unscrupulous.
9. Technical Standards and Enterprise Architecture: Creating the environment that enables many suppliers to work together, cooperate, interoperate in a secure seamless cost efficient way
10. International Alignment and Compliance: Ensuring we help shape treaties and directives to ensure they fulfil the UK national requirement and then working across ICT to ensure UK delivery
11. Delivering better projects with greater certainty of outcome: Using portfolio management and active benefits management to ensure we undertake the right projects in the correct way and realise the full value
12. Better value and performance from all parties: Working together to ensure we all play to our strengths, improve our weaknesses and deliver our commitments.
13. Shared services building once, using many, moving to the store: Continually moving to shared services for common activities. Moving, and growing, shared services into the Government Cloud
14. Capable departments, capable people: To deliver what is being asked of us, improve capability, knowledge, skills and experience of those involved in ICT enabled business change
Whither the National IA Strategy?
• Vision still seems right: A UK environment where citizens, businesses and government use and enjoy the full benefits of information systems with confidence
• People
  • ?
• Process
  • ?
• Technology
  • ?

Conclusion: A refreshed NIAS
… vision is clearly still fit for purpose but we now need to refresh NIAS to make relevant to new delivery environment
• By end 2009
• People focus
• Education
• Professionalism
• Cabinet Office report to parliament in November a platform
• Key challenge – IA as enabler in climate where money is exceedingly tight

Conclusion
“I am determined that Britain’s digital infrastructure will be world class. It is all part of building Britain’s future beyond the difficult, short-term economic conditions.”
Prime Minister Gordon Brown, 16 June 2009