Improving data handling: Applying encryption and penetration testing across government

Penetration Testing

In June 2008, the UK Cabinet Office Minister, Ed Miliband, announced the publication of the department’s Data Handling Procedures in Government. The report outlined how the UK Government plans to improve data handling and information security by implementing:

 

  • Core measures to protect personal data and other information across government
  • A culture that properly values, protects and uses information
  • Stronger accountability mechanisms within departments
  • Stronger scrutiny of performance

 

Heading the list of measures being implemented, was the introduction of ‘new rules on the use of protective measures, such as encryption and penetration testing of systems’.

 

A properly executed penetration test (sometimes referred to as pen test, security health check, vulnerability assessment or security audit) provides customers with evidence of any vulnerabilities, and the extent to which it may be possible to gain access to or disclose information assets from the boundary of the system. Penetration tests also provide a baseline for remedial action in order to enhance the information protection strategy.

 

The importance for Government organisations to ensure the integrity of their information systems was reiterated with the 2009 publication of the first UK Cyber Security Strategy. It highlights how the critical national infrastructure we all take for granted is now largely dependent on network automated information systems, any of which have the potential to be the subject of a cyber attack.

 

VEGA’s information security team provides a comprehensive and varied range of services to clients across the public and private sectors. The team comprises UK Government CHECK-accredited penetration testers who hold SC and DV clearances, supporting work at all levels of protective marking. The format of these penetration testing services can be tailored to meet an organisation's specific requirements.

 

This section constitutes some of VEGA’s latest work and thinking around improving data handling, information security and penetration testing, and the benefits they can provide our clients.

 

 

Data Handling Thought Leadership

» Making Penetration Testing Work

» The Cost of Data Breaches

» Putting a price on privacy

 

Data Handling case studies

» Disposal Services Authority

» Market Harborough Building Society

 

Data Handling news

» VEGA-supported edisposals.com project wins e-Government National Award

» edisposals.com nominated for e-Government National Awards 2008

» NPIA & IaPS Framework Success

 

Data Handling related internal links

» Penetration Testing

» Information Governance Review

» UK Cyber Security Strategy

» Information Exploitation

» Buying Solutions (formerly Catalist)

» MOD ICS Catalogue

» FATS

 

Data Handling related external links

» UK Cabinet Office

» Business Solutions (formerly Catalist)

» CHECK

» Data Handling Processes in Government

 

Contact VEGA for further information about improving data handling

Data Handling Thought Leadership

CHECK logo

CESG CHECK

VEGA is a CHECK "Green Light Status" service provider.

Buying Solutions supplier logo

Buying Solutions

VEGA is an accredited Buying Solutions supplier (formerly Catalist), under the ICT Consultancy Services framework. Click here to find out more