[ISN] It's official: Department of Defence gets secure

From: InfoSec News (alerts@private)
Date: Tue Jan 09 2007 - 03:04:09 PST


By Gordon Smith

The Department of Defence has become the first government department in 
the State to be certified for best practice to international standards 
in information security.

Independent audits now show that the Department of Defence conforms to 
the BS 7799 and IS 17799 standards which specify the requirements for 
establishing, operating, maintaining and improving an information 
security management system.

The certificate was formally presented to Michael Howard, secretary 
general of the Department of Defence, and Greg McNamee, the director of 
IT, at a ceremony held at the department's headquarters in the Phoenix 

By having the award, the Department of Defence can show that adequate 
security controls are in place to guarantee that its information, 
especially anything of a sensitive nature, is protected and in line with 
best practice.

The process began last year and was conducted by Certification Europe, 
which awards the information security standard for effective e-security 
and physical security measures. The department also engaged the 
Dublin-based security consultancy Sysnet to assist with the 

Michael Brophy, CEO of Certification Europe, said that protecting an 
organisation's information assets is no longer just about securing 
hardware and software. It's clear that the services, processes and assets 
provided also need to be secure and certified as such. By achieving 
certification to IS17799/BS7799 the Department of Defence demonstrates 
its belief that information security is about having the best staff 
awareness and processes as well as solid technical management, he said.

Brophy added that all organisations should put in place a comprehensive 
security management policy. The department achieved this when it was 
awarded the BS7799 standard; however, the external and internal threats 
to security systems are constantly changing so it is important that such 
processes and procedures are evolving too, he pointed out.

The department's certification will last for three years. This includes 
being monitored every six months to ensure that its security system 
still operates according to the standards. At the end of this period, 
the department must undergo recertification to remain compliant.
