The report outlines two tools, a suggested Review Process and a proposed Development Framework, to help boards, senior managers and information teams in organisations that would like to review their information security strategies and governance arrangements.
Since its launch in March this year, the DGSF has actively engaged with civil servants, cyber specialists and technology providers to help guide the development of the Forum and to assist in quality assuring the work produced through the initiative. The report identifies four high-priority areas for government to address as it continues to make greater use of technology to meet austerity targets and improve the delivery of digital public services:
- Lack of awareness of information security threats at board level, causing organisations to fail to provide reassurance that they are meeting their information security responsibilities and cost-effectively managing information and cyber threats.
- Concerns over data security blocking efforts to boost collaboration, data sharing, BYOD and more efficient working at a time when government and public services are under pressure to deliver more at lower cost.
- Interfaces between different organisations are key danger points, as the government’s prime objective is to join up services and promote greater partnership working and collaboration across sectors.
- Legacy systems that were not designed for the digital age and that have encouraged legacy thinking in terms of information security, often resulting in fragmented and siloed security arrangements.
John Thornton, secretary to the Digital Government Security Forum, says: “Overall, the UK has made huge progress in information handling and data security following the series of high-profile breaches in recent years. There is, however, no room for complacency. Organisations need to think in terms of security-by-default to deliver digital-by-default and share information in order to counter cyber threats. Cybercrime is global in nature and a strong public-private partnership is crucial to create an environment where public sector organisations can work together for mutual benefit.”
The DGSF’s recommendations to boards and senior managers are:
- Be aware of your risks and put foundations into place: Identify key risks, vulnerabilities and critical information assets; implement basic controls and proactively manage information risks
- Embrace technology: Ensure that the security technology infrastructure includes comprehensive threat intelligence, risk and behavioural analytics, and robust, resilient and automatic threat protection
- Use improved information security as an enabler: Support and make possible the savings, service developments and efficiency improvements the digital world offers once security barriers have been removed
- Develop a culture that embraces change: Share experience and expertise across the public sector to boost the confidence of citizens, businesses and government itself in these digital systems.