Manx Forums, Live Chat, Blogs & Classifieds for the Isle of Man
spanna

Gov Data security


What is missing in this thread is a little context. Precisely what data do Argon and IT Works come into contact with in the performance of their contract?

 

32 minutes ago, BigDave said:

What is missing in this thread is a little context. Precisely what data do Argon and IT Works come into contact with in the performance of their contract?

 

Indeed. Great question.

Argon - supply multi-function (printer / scanner / copier) devices (MFDs) with internal data storage to queue print documents, store scanned documents for emailing or printing etc., some of which will contain sensitive / personal data etc. Most larger MFDs include a decent size hard disk / SSD from which data can be recovered.

IT Works seem to be more about desktop support - which likely includes repairing / replacing desktop PCs and laptops containing hard disks / SSDs similarly potentially holding sensitive / personal data either saved locally intentionally by the user or cached locally by the applications used to access that data from back-end systems.

Both MFDs and PCs can also be subverted to covertly echo the data they process to another system.

Not denigrating Argon or IT Works in any way, but the reality is that IT service providers and their technicians are a great back door into corporate IT systems and the data they hold / process. The OP has a valid point in principle - but without seeing the ITT or the tenders we can't know what other data security assurances were asked of bidders aside from 27001 - like most ISO standards it is of limited value.

 

  • Like 1

3 hours ago, craggy_steve said:

....- like most ISO standards it is of limited value.

 

 

Ain't that the truth.

  • Like 1


Anyone know if the Gov currently utilises any sort of Security Assessment service?

Quote

The OP has a valid point in principle - but without seeing the ITT or the tenders we can't know what other data security assurances were asked of bidders aside from 27001 - like most ISO standards it is of limited value.

I don't agree that they're of limited value. The relevance and applicability are really dependent upon their implementation, scope, endorsement and the level of ongoing oversight.

The truth is that any ISO standard can be implemented relatively easily and there are a variety of pre-packaged sources available, whether for ISO 9001, 27001 etc. The existence of ISO 27001 (or any standard) assures nothing - it is the scrutiny/audit of such a system that provides the assurance. You would hope that any body asking for ISO 27001 would consider following up to ensure its adoption/implementation/scope.

Having spent a week with an ISO 27001 auditor to ensure compliance with a UK regulator, I can assure you that (done right) they leave no stone unturned and make sure any organisation fully considers the cybersecurity/information security risks.

That auditor's job would prove very difficult if he didn't have a consistent standard to measure against.

The absence of ISO 27001 does not mean security is lax, equally - ISO 27001 doesn't prove security is first class. What ISO does provide is a consistent framework on which security can be measured.

CIS Top 20 is a more relevant, tactical measure of security.

 

 

Edited by joeyconcrete


@joeyconcrete I think you've just explained why the ISO standards are of limited value ;) And I do mean limited - I don't write them off, merely recognise that other methods and measures may deliver greater assurance - whether one is looking at 9001, 14001, 27001 or whatever. The ISOs are mostly useful baseline assurances, not awards of superiority.
