Yeah right
So that's no CD/DVD glued up USB and FireWire slots, no floppies no card reader/writer, no insecure OS' and competent civil servants.
Yeah I can just see that happening :(
A security review by Deloitte of one of the UK government's child databases - ContactPoint, which will contain an entry for every English child under 18 - has found it is generally secure. With some provisos. Deloitte makes a timely reminder to a government convinced that securing databases is simply a technical problem: "Risk …
"More positively, the review found information security had "been ingrained" within people, processes, policy development, requirements definition and architecture."
So this *particular* Government department has security "ingrained" while the rest (and HMRC in particular) appear to be clueless.
Unlikely!
...is that the government is refusing to publish the detailed findings of the Deloitte report on the grounds that if they did so people might use that information to target the database.
Clearly someone in Whitehall thinks that security through obscurity is still a reasonable argument.
It doesn't matter how secure the database is, the data centre it's lccated in is or the network it's connected to is, if they give every numpty Tom, Dick or Harriet the keys to the door and the last I heard, they pretty much are.
Paris 'cos even she's likely to get access to the data.
This post has been deleted by its author
What Deloitte's should be comparing the system to is the current paper and unconnected databases that cover children's details. What are the controls on access to paper files in SW offices like? Does every access get logged and monitored and could it be controlled? Who has access to the relevant SW, police, education databases and can do searches across them for proper data matches to identify risks to children from the sort of patterns that professionals recognise? Do the benefits of that in catching abuse and risks to young people outweigh the downsides which presumably Deloitte's did identify (unauthorised use or access, elevated access, fishing exercises) that can't happen at the moment, or was this just a White Hat penetration test