Departmental Data Protection

Volume 489: debated on Friday 13 March 2009

To ask the Minister of State, Department for Business, Enterprise and Regulatory Reform what IT security strategy his Department has in place; what steps are being taken to ensure the policy is being followed; what policy is in place on the use of encryption when electronic data are sent externally; and what sanctions are in place for use should the policy not be followed. (258916)

Information is a key asset to Government and its correct handling is vital to the delivery of public services and to the integrity of HMG. The Security Policy Framework, the Data Handling Report and the National Information Assurance Strategy produced by the Cabinet Office provide a strategic framework for protecting information that Government handle and put in place a set of mandatory measures which Departments must adhere to.

BERR is compliant with the security policies contained in the Government Security Policy Framework including those for information security and assurance.

To ask the Minister of State, Department for Business, Enterprise and Regulatory Reform if he will place in the Library a copy of his Department's IT security hierarchy. (259701)

Information is a key asset to Government and its correct handling is vital to the delivery of public services and to the integrity of HMG. The Security Policy Framework, the Data Handling Report and the National Information Assurance Strategy produced by the Cabinet Office provide a strategic framework for protecting information that Government handle and put in place a set of mandatory measures which Departments must adhere to.

It is not in the interests of the security of the Department, or that of the public, to disclose detailed information pertaining to the hierarchy of IT security within the Department. Disclosing such information would enable criminals and those who would attempt to cause disruptive threats to the Department to deduce how to conduct attacks and therefore potentially enhance their capability to carry out such attacks.

To ask the Minister of State, Department for Business, Enterprise and Regulatory Reform what scanning for vulnerabilities his Department conducts of each of its IT devices; what method is used for IT device scans; and how many vulnerabilities have been detected as a result of such scans in the last 12 months. (259702)

Information is a key asset to Government and its correct handling is vital to the delivery of public services and to the integrity of HMG. The Security Policy Framework, the Data Handling Report and the National Information Assurance Strategy produced by the Cabinet Office provide a strategic framework for protecting information that Government handle and put in place a set of mandatory measures which Departments must adhere to.

It is not in the interest of the security of the Department, or that of the public, to disclose detailed information pertaining to electronic breaches of security of the Department's IT systems. Disclosing such information would enable criminals and those who would attempt to cause disruptive threats to the Department to deduce how to conduct attacks and therefore potentially enhance their capability to carry out such attacks.

To ask the Minister of State, Department for Business, Enterprise and Regulatory Reform whether his Department uses WPA2 encryption protocol on all its wireless networks. (259703)

Information is a key asset to Government and its correct handling is vital to the delivery of public services and to the integrity of HMG. The Security Policy Framework, the Data Handling Report and the National Information Assurance Strategy produced by the Cabinet Office provide a strategic framework for protecting information that Government handle and put in place a set of mandatory measures which Departments must adhere to.

BERR is compliant with HMG IA Standard No 4 — Communication, Security and Cryptography for the encryption of data. BERR follows CESG guidance on the use of the Wi-Fi Protected Access 2 (WPA2) communications security protocols in order to protect wireless networks carrying protectively marked (up to RESTRICTED/IL3) traffic. The configuration and operation standards for WPA2 are set out in CESG's Infosec Manual Y, Use of WPA2 Wireless Security in Government Systems.

To ask the Minister of State, Department for Business, Enterprise and Regulatory Reform what auditing his Department undertakes to ensure that IT security policies are being followed; and on how many occasions (a) IT security policies have been breached by employees and (b) a member of staff has been sanctioned for a breach of such policies in the last 12 months. (259704)

Information is a key asset to Government and its correct handling is vital to the delivery of public services and to the integrity of HMG. The Security Policy Framework, the Data Handling Report and the National Information Assurance Strategy produced by the Cabinet Office provide a strategic framework for protecting information that government handles and put in place a set of mandatory measures which Departments must adhere to.

Compliance arrangements comprise a system of self-assessment, accreditation, assurance reporting, audit and review.

In the last 12 months fewer than five staff have broken BERR IT security policies and have been sanctioned for the breach.