SOCITM (Society of Information Technology Management)

Information security breaches usually management not technology failures

Information security breaches in the public sector are almost always down to failures of information governance and management, and not technology, says Socitm's latest briefing.

According to Information governance: not up to scratch?, local public service organisations are doing well at closing the technical vulnerabilities but rather less well at changing behaviours and preventing physical lapses. Security breaches reported on the ICO website include cases of incorrect disclosure, physical loss or theft of storage devices, misuse of old documents as templates, errors in handling fax and e-mail, sending documents to the wrong address, and even papers being stolen from a pub. There is not a single example of a technical failure among them.

The briefing reports that many local public service organisations are now addressing information security risks by putting the basics of information governance in place, and in the last three years there has been a significant increase in the number appointing a senior information risk officer (SIRO). However, based on responses to Socitm's latest IT Trends survey, only just over a half have an information governance function in place.

The briefing includes a detailed case study from Chelmsford BC, one local authority that has taken a strongly pro-active approach to information governance and security, and has some useful lessons to report for the benefit of others.

Information governance: not up to scratch? is available free of charge to Socitm Insight subscribers.
