Cabinet Office Slammed For Lack of InfoSec Leadership
A fresh report from the National Audit Office says the Cabinet Office has failed to get to grips with information security across government departments.
The NAO has issued a report this morning criticising the UK government, and the Cabinet Office in particular, for failing to coordinate and lead departmental cyber-security efforts.
The National Audit Office report, running to 41 pages, stated that despite an ambition to set the agenda for cyber-security across government, the Cabinet Office had failed to establish a clear role for itself amidst the often confusing government information landscape.
It is time to explode the myth that information security risk and controls experts exist at all levels of government (or even in the private sector). The truth is that these individuals are few and far between and that assessing common risks and aligning effective controls to them should be a central function. This doesn't mean being prescriptive in all areas, but rather offering clear and effective solutions to common issues instead of having each department reinvent them. All the current structure does is ensure variability of effectiveness in response to information security threats.
Jacob Ginsberg, senior director at Echoworx, said, “The NAO report further highlights the hypocrisy surrounding data security in the UK. The government claims that individuals' privacy is of paramount importance – despite its efforts to weaken encryption – yet clearly there are serious failures with its current security setup.”