There is no connection between the visitor and test wireless networks and the test wireless network does not carry any work or protectively marked traffic. No wireless network is connected to the main office network.
All wireless connections are protected by hardware firewalls and are covered as part of the regular annual audit process. Security vulnerabilities are addressed immediately they are notified.
Our Security Operating Protocol is reviewed by external auditors on an annual basis.
Internal auditing of compliance takes place at least annually. Independent external auditing is carried out on an annual basis. A number of criteria are used including the GSi Code of Connection, the Security Policy Framework, industry best practice and relevant Info Sec Memoranda.
We do not report on the scope of security testing nor the full list of test criteria for security reasons.
My Department does carry out social engineering vulnerability testing.
My Department's password policies conform to central standards.
A full range of guidance on security policies and best practice is available to staff via my Department's intranet.
We are currently deploying additional training and compliance testing for all staff.