The information commissioner says that government has improved both its data protection and its disclosure of such work. Christopher Graham was commenting on a Cabinet Office report which sets out work since the Data Handling Review of June 2008, which set out measures for departments to improve data security. He was positive …
Why does it always take a monumental embarassing failure to get governments to do things like this?
It's not just govt...
... that are reactive rather than proactive. Business from the very small to the very large are equally guilty - think TJX, think HSBC, and they're just the high-profile ones. Often it's not until you have a breach that you know something has a vulnerability. You can point at penetration testing, vulnerability assessments, data security and the likes, and they are all very good things to point at, but infosec isn't something you 'do', it's something you 'are'. It's a constant cat-and-mouse game between those who seek to protect information and those who seek to obtain information. Absolutely some of the more blunderous problems should never have happened, but the fact that things have improved considerably should be applauded.
Mine's the one with the CISSP 10 Domains of InfoSec Guidebook in the (extremely large) pocket
They haven't done much
They've just shifted the liability away from Westminster.
they're getting better at *not* loosing gour data
So they just *have* to collect more of it to begin with.
270 privacy impact assesments. How many *new* systems doe this government need?
- Product round-up Coming clean: Ten cordless vacuum cleaners
- Product round-up Too 4K-ing expensive? Five full HD laptops for work and play
- 'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
- Review We have a winner! Fresh Linux Mint 17.1 – hands down the best
- Worstall @ the Weekend BIG FAT Lies: Porky Pies about obesity