How Much Security is Enough for Government Systems?

There is a general view that government IT systems fail to give the right priority to security – giving either too much or too little. For government organisations, getting the balance right with an appropriate level of information security is very hard to do.

Dr Ian Levy’s recent article in Guardian Government Computing is an excellent overview of why information assurance is difficult for government, (published 25th October 2011).

Read the article here: Government Systems: how much security is enough?>>

Dr Ian Levy istechnical director of CESG, the National Technical Authority for Information Assurance. Dr Levy examines what an appropriate level of security means for government organisations and looks at the real world application of applying value to your data.

Valuing your data is the foundation of Information Risk Management. It’s like a house of cards – if you overvalue, your foundations are too big and heavy, if you undervalue the foundations are on sand.

It’s refreshing to hear an official view on this challenge, for what sounds like a simple concept in reality is complex and subjective. The solution can only be education and investment in Information Risk Management – with robust, mature processes and educated stakeholders.

“Achieving the right level of security in government IT systems really depends on the threats to the data and systems, the impact that compromise of the data could have, and the fine art of balancing cost, business benefit and security.

Getting this right needs a mature information management culture, a well understood risk management framework and a well rehearsed incident management process.Future success will also depend on government systems and services evolving to meet the changing threat as they become more exposed to the outside world.”

Dr Ian Levy, Guardian Government Computing 25/10/11

You only protect what you value.If government organisations do invest in understanding the value of their data they will make better investment decisions on what to protect and what level of protection is needed. Good decisions need good information.

Here’s Dr Ian Levy’s article again: Government Systems: how much security is enough? >>

You may also be interested in:

Cyber security myths of SMEs

Cyber security myths putting SMEs at risk

SMEs have long been a favourite hunting ground for cyber criminals and, in the worst case scenario, may not survive. We look at some of the myths that put SMEs at risk of cyber crime.

Work from home cyber security myths

Cyber security myths home workers fall for

Home workers are a growing gateway to your data and systems. If they believe any of these popular cyber security myths, your security is at serious risk.

Cyber security working from home

Managing good cyber security when working from home - what employers need to know

Home working carries increased security risks, but it doesn’t have to be open season for cyber criminals. These tips will help you put together a robust level of cyber security for your home based employees.