Sunday, July 20, 2014

"Significant gaps" in Department of Justice IT security

You might think that the Department of Justice and Equality - which is responsible for data protection law in Ireland - would have adequate security in place for its own systems. Apparently not. Here's an excerpt from briefing materials for the new Minister, Frances Fitzgerald:
Significant gaps have been found in levels of IT security in use to protect our systems and data. The systems have become out of date as investment (as with infrastructure) has not been applied to maintaining levels at what would be deemed adequate. A security consultant has been retained and a dedicated security manager has been taken on to review and remediate this deficiency. This will require significant investment and resource to bring us to a suitable level of protection and awareness. (p.82)
Proving the point, the briefing material was released as a PDF with crude redaction, easily defeated by the time honoured method of copying and pasting the blacked out material. While the department hurriedly pulled the material from its own site the entire brief remains available in Google cache.

1 comment:

  1. Apart altogether from the content of the extract, the quality of the English is very poor! Despite the supposed ban on recruitment personnel have been appointed.