There is a general view that government IT systems fail to give the right priority to security – giving either too much or too little. For government organisations, getting the balance right with an appropriate level of information security is very hard to do.
Dr Ian Levy’s recent article in Guardian Government Computing is an excellent overview of why information assurance is difficult for government, (published 25th October 2011).
Read the article here: Government Systems: how much security is enough?>>
Dr Ian Levy istechnical director of CESG, the National Technical Authority for Information Assurance. Dr Levy examines what an appropriate level of security means for government organisations and looks at the real world application of applying value to your data.
Valuing your data is the foundation of Information Risk Management. It’s like a house of cards – if you overvalue, your foundations are too big and heavy, if you undervalue the foundations are on sand.
It’s refreshing to hear an official view on this challenge, for what sounds like a simple concept in reality is complex and subjective. The solution can only be education and investment in Information Risk Management – with robust, mature processes and educated stakeholders.
“Achieving the right level of security in government IT systems really depends on the threats to the data and systems, the impact that compromise of the data could have, and the fine art of balancing cost, business benefit and security.
Getting this right needs a mature information management culture, a well understood risk management framework and a well rehearsed incident management process.Future success will also depend on government systems and services evolving to meet the changing threat as they become more exposed to the outside world.”
Dr Ian Levy, Guardian Government Computing 25/10/11
You only protect what you value.If government organisations do invest in understanding the value of their data they will make better investment decisions on what to protect and what level of protection is needed. Good decisions need good information.
Here’s Dr Ian Levy’s article again: Government Systems: how much security is enough? >>