The information commissioner says that government has improved both its data protection and its disclosure of such work. Christopher Graham was commenting on a Cabinet Office report which sets out work since the Data Handling Review of June 2008, which set out measures for departments to improve data security. He was positive …
Why does it always take a monumental embarassing failure to get governments to do things like this?
It's not just govt...
... that are reactive rather than proactive. Business from the very small to the very large are equally guilty - think TJX, think HSBC, and they're just the high-profile ones. Often it's not until you have a breach that you know something has a vulnerability. You can point at penetration testing, vulnerability assessments, data security and the likes, and they are all very good things to point at, but infosec isn't something you 'do', it's something you 'are'. It's a constant cat-and-mouse game between those who seek to protect information and those who seek to obtain information. Absolutely some of the more blunderous problems should never have happened, but the fact that things have improved considerably should be applauded.
Mine's the one with the CISSP 10 Domains of InfoSec Guidebook in the (extremely large) pocket
They haven't done much
They've just shifted the liability away from Westminster.
they're getting better at *not* loosing gour data
So they just *have* to collect more of it to begin with.
270 privacy impact assesments. How many *new* systems doe this government need?
- Pic Mars rover 2020: Oxygen generation and 6 more amazing experiments
- Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
- Boffins spot weirder quantum capers as neutrons take the high road, spin takes the low
- Plug and PREY: Hackers reprogram USB drives to silently infect PCs
- Review Fiat Panda Cross: 'Interesting-looking' Multipla spawn hits UK