asked Her Majesty's Government:
In respect of the Department for Constitutional Affairs, (a) on how many occasions in the last year malicious programs have compromised departmental computer systems; and, for each occasion, how many machines were affected; how long it took to remove the programs from the system; and what was the impact on the department's activities; (b) what penetration tests have been carried out of information systems over the last year and what were the results, indicating in each instance, whether the tests were carried out independently of the providers of the system concerned; and (c) on how many occasions in the last year the departmental management team has considered information risk.
(a) In the past year computer equipment at the Department for Constitutional Affairs was compromised on seven occasions by malicious programs, such as worms, viruses etc. In six of these incidents only a single machine was affected; in the other incident 16 machines were affected. The programs were removed as soon as discovered and had minimal impact on the department's activities.
(b) We do not provide detail on such security matters where it could compromise the security of our information systems.
(c) We follow standard advice on risk management.