The information commissioner says that government has improved both its data protection and its disclosure of such work. Christopher Graham was commenting on a Cabinet Office report which sets out work since the Data Handling Review of June 2008, which set out measures for departments to improve data security. He was positive …
Why does it always take a monumental embarassing failure to get governments to do things like this?
It's not just govt...
... that are reactive rather than proactive. Business from the very small to the very large are equally guilty - think TJX, think HSBC, and they're just the high-profile ones. Often it's not until you have a breach that you know something has a vulnerability. You can point at penetration testing, vulnerability assessments, data security and the likes, and they are all very good things to point at, but infosec isn't something you 'do', it's something you 'are'. It's a constant cat-and-mouse game between those who seek to protect information and those who seek to obtain information. Absolutely some of the more blunderous problems should never have happened, but the fact that things have improved considerably should be applauded.
Mine's the one with the CISSP 10 Domains of InfoSec Guidebook in the (extremely large) pocket
They haven't done much
They've just shifted the liability away from Westminster.
they're getting better at *not* loosing gour data
So they just *have* to collect more of it to begin with.
270 privacy impact assesments. How many *new* systems doe this government need?
- Review Samsung Galaxy Note 8: Proof the pen is mightier?
- Nuke plants to rely on PDP-11 code UNTIL 2050!
- Spin doctors brazenly fiddle with tiny bits in front of the neighbours
- Game Theory Out with a bang: The Last of Us lets PS3 exit with head held high
- That Microsoft-Nokia merger you've been predicting? It's no go