asked Her Majesty's Government:
In respect of the Cabinet Office, (a) on how many occasions in the last year malicious programs have compromised departmental computer systems; and, for each occasion, how many machines were affected; how long it took to remove the programs from the system; and what was the impact on the department's activities; (b) what penetration tests have been carried out of information systems over the last year and what were the results, indicating in each instance, whether the tests were carried out independently of the providers of the system concerned; and (c) on how many occasions in the last year the departmental management team has considered information risk. [HL2403]
In the Cabinet Office over the past year:
(a) There have been no recorded instances of malicious programs having compromised departmental computer systems.
(b) In accordance with accreditation requirements, penetration tests have been carried out on departmental information systems. These were undertaken by approved IT health-check service (CHECK) organisations working independently of the system providers. It is not government policy to make public the nature and results of these tests.
(c) Four meetings of the departmental audit and risk committee have been held. An important part of the committee’s remit is to discuss, review and manage risks to departmental information.