Securing Information
Strengthening Business

How Much Security is Enough for Government Systems?

There is a general view that government IT systems fail to give the right priority to security – giving either too much or too little. For government organisations, getting the balance right with an appropriate level of information security is very hard to do.

Dr Ian Levy’s recent article in Guardian Government Computing is an excellent overview of why information assurance is difficult for government, (published 25th October 2011).

Read the article here: Government Systems: how much security is enough?>>

Dr Ian Levy istechnical director of CESG, the National Technical Authority for Information Assurance. Dr Levy examines what an appropriate level of security means for government organisations and looks at the real world application of applying value to your data.

Valuing your data is the foundation of Information Risk Management. It’s like a house of cards – if you overvalue, your foundations are too big and heavy, if you undervalue the foundations are on sand.

It’s refreshing to hear an official view on this challenge, for what sounds like a simple concept in reality is complex and subjective. The solution can only be education and investment in Information Risk Management – with robust, mature processes and educated stakeholders.

“Achieving the right level of security in government IT systems really depends on the threats to the data and systems, the impact that compromise of the data could have, and the fine art of balancing cost, business benefit and security.

Getting this right needs a mature information management culture, a well understood risk management framework and a well rehearsed incident management process.Future success will also depend on government systems and services evolving to meet the changing threat as they become more exposed to the outside world.”

Dr Ian Levy, Guardian Government Computing 25/10/11

You only protect what you value.If government organisations do invest in understanding the value of their data they will make better investment decisions on what to protect and what level of protection is needed. Good decisions need good information.

Here’s Dr Ian Levy’s article again: Government Systems: how much security is enough? >>

For Further Information

If you have any questions about the topics we've covered, or would like to have a chat about any aspect of your own cyber security strategy, please get in touch with the team at Ascentor.

Please use the contact details below - also found on our Contact Us page.


Fields marked with an * are required
Share this:

You may also be interested in:

What is shadow IT and how do you manage it?

There used to be a time when the IT within an organisation was exclusively provided and approved by that organisation. CIOs might look back on those

Less rules, more goals. How recent changes in regulatory approaches can enable innovation in information security

Regulated sectors such as the civil nuclear industry and financial institutions have seen a recent shift towards outcome-focused regulation which is

The Ascentor guide to a cyber safe summer holiday

“We’re all going on a summer holiday, no more logins for a week or two…”