Independent Review of Government Information Assurance
From SR
Background
Government is transforming the way it uses information, sharing vast amounts of data and joining up services and systems on an unprecedented scale. Use of the Internet is expanding; information can increasingly be accessed anywhere at any time. In this rapidly changing environment, is the public sector’s information adequately protected against deliberate attack, disruption to services or loss of critical data?
Purpose
The Cabinet Office commissioned this independent review, well before recent losses, as part of the work to ensure government keeps pace with these changes, to assess how well government is protected now and in the future. The review was asked to report back on:
- whether Information Assurance across government is adequate enough to provide stakeholder
confidence in the government’s information infrastructure
- whether information and services are protected in a timely and cost-effective way
- the extent to which current investment in Information Assurance will support the requirements of
shared services and the Transformational Government agenda.
Conclusions
Key recommendations from this work were published in a synopsis of this work in June 2007 in order to be able to inform the direction of the National Information Assurance Strategy delivery plan.
The review identified that, although measures are difficult to come by, most departments are now investing significant amounts of money and effort in information security. There are areas of good practice, but there are also many areas where government must improve.
- Government must do more to deliver confidence in its information infrastructure; enabling Information Assurance and enhancing Governance; Information Risk Management; Policy and Operations; and Monitoring and Control.
- Capabilities have developed in silos (within individual departments) which has resulted in complexity in joining up, and limited re-use across Government with many different areas of government addressing the same challenges differently.
- The challenge now is to enable joined up government, which means connecting to more environments and sharing more data in an environment that is increasingly more hostile.
