Can you help with the following article? This article will be appearing in SC Magazine. SC features on specific technologies and trends are designed to inform IT security professionals about the state of the art in that area.
The government should set a good example when it comes to information and data security but the HMRC debacle of 2007 showed that processes across the board were going badly wrong. How has government and public sector been raising its game since? How much has really changed? What processes and procedures have government departments put in place to prevent a re-occurrence? Has anything really changed? After all civil servants are still losing laptops and mobiles on a regular basis. Can the private sector now learn from it?
PLEASE NOTE: THIS FEATURE IS SPECIFICALLY FOCUSED ON GOVERNMENT DEPARTMENTS RATHER THAN THE PUBLIC SECTOR AS A WHOLE
Some of the key questions I'll be looking at:
How does Whitehall maintain data security in its departments?
Are some departments doing better than others?
Are there any outstanding "stars" in infosec circles in government?
What does it do differently from the private sector?
What can the private sector learn from Whitehall, if anything?
Does Whitehall have much to spend on IT and infosec anymore - has it been hit by cuts?
Have any departments innovated any unique policies or processes?
Does it maintain relationships with vendors?
What is the relationship with the big consulting firms (Deloitte, PwC etc)?
So I'd especially like to speak to people closely involved with working Whitehall on security, people in Whitehall, consultants (especially those in the big consulting firms) or people who have had recent (post 2007) experience in this area.
I'll also be looking in detail at the following areas:
1) What is a SIRO?
As part of the inquiry after the HMRC event it was decided that every Whitehall department would appoint a Senior Information Risk Officer. But what is a SIRO and how does it differ from a CISO. What are their responsibilities? Has it been successful?
Ideally, I'd like to speak to a SIRO if possible
2) HMRC Since 2007
How has HMRC improved its processes and procedures since 2007. And whatever did happen about those missing disks?
3) The coalition
What is the new government's position on data security in its own departments? Does it have any particular policies? Does it care?
Ideally, I'll like to interview the relevant minister or someone from that minister's office.
INTERVIEWS
I'd like to arrange interviews for any of the following dates in September: 2, 3, 9, 10, 15, 16 or 17th. My absolute deadline for this piece is the 18th September.
HOW TO REPLY
Send an email to pr@robbuckley.co.uk or leave a comment below
Leave a comment