Information Systems: Defra

House of Lords written question – answered on 13th March 2007.

Alert me about debates like this

Photo of Lord Harris of Haringey Lord Harris of Haringey Labour

asked Her Majesty's Government:

In respect of the Department for Environment, Food and Rural Affairs, (a) on how many occasions in the last year malicious programs have compromised departmental computer systems; and, for each occasion, how many machines were affected; how long it took to remove the programs from the system; and what was the impact on the department's activities; (b) what penetration tests have been carried out of information systems over the last year and what were the results, indicating in each instance, whether the tests were carried out independently of the providers of the system concerned; and (c) on how many occasions in the last year the departmental management team has considered information risk.

Photo of Lord Rooker Lord Rooker Minister of State (Sustainable Farming and Food), Department for Environment, Food and Rural Affairs, Minister of State (Department for Environment, Food and Rural Affairs) (Sustainable Farming and Food), The Minister of State, Northern Ireland Office

(a) In the past year no malicious programs have compromised departmental computer systems, as all potential infections were trapped by the AV software and there were no reported outbreaks.

(b) The only penetration test performed in the past year was on the BlackBerry pilot and was performed by QinetiQ at Defra's request. Eight issues were found, and these were either mitigated or taken into account in the subsequent solution for production. Release of the results might highlight vulnerabilities and compromise security.

(c) The departmental management board considered information assurance and risk in December 2006 but the management team has also considered information risk in other ways: as part of its consideration of overall departmental performance and delivery and through its oversight of major IT-enabled change programmes and local programmes, all of which have risk management processes that include information risk.

Does this answer the above question?

Yes0 people think so

No0 people think not

Would you like to ask a question like this yourself? Use our Freedom of Information site.