Information Security



Tuesday 30th June 2009, One Great George Street, London, 08:30 - 16:15

The National Information Security in the Public Sector Annual Conference

CONFIRMED: Nick Coleman, Independent Reviewer, Cabinet Office (2006-2008), Author of “The Coleman Report: Protecting Government Information”

“High profile data losses in the last few months have demonstrated the importance of data protection. As increasing numbers of organisations are collecting more and more personal information, it is essential that effective data protection policies and practices are in place. Vigilance and strong leadership are needed at the highest level in all organisations to ensure data protection is taken seriously.”

David Smith, Deputy Information Commissioner, March 2008

Overview

Recent significant losses of personal data by government departments, their agencies or contractors since April last year have led to a loss of confidence by the public in the government’s ability to successfully manage large IT projects and to securely store personal information.

To minimise the risk of further losses of data in the future, in November the Prime Minister asked Sir Gus O’Donnell, the Cabinet Secretary, to conduct a review of government departments regarding the implementation of rules for the handling of data. Sir Gus O’Donnell’s review, Data handling procedures in government: final report, which was published in June 2008, was partly informed by Nick Coleman’s work, The Coleman Review, into information assurance – the protection, availability, and integrity of information – which was commissioned by the Cabinet Office and published at the same time. In support of the Cabinet Secretary’s review, Sir David Omand is reviewing government department procedures to handle highly classified information.

The Government is committed to pursuing the enhancement of privacy alongside its objective of making better use of personal data to deliver improved public services. The Cabinet Secretary’s review has now put in place a new set of minimum mandatory standards that all government departments must comply with when handling personal information.

They include the following:

  • introducing new rules on the use of protective measures, such as encryption and penetration testing of systems;
  • standardising and enhancing information risk management processes;
  • identifying the key individuals in each department who are responsible for information assets and setting out their responsibilities;
  • mandatory training on appointment and yearly thereafter for all staff involved in handling personal data;
  • the use of Privacy Impact Assessments when introducing new policy or processes that involve the use of personal data;
  • scrutiny and monitoring of information risk statements by the National Audit Office and through spot checks by the Information Commissioner;
  • a range of other measures to improve information security across government.

The purpose of these recommendations, and of the earlier review conducted by Dr Mark Walport (Director of the Wellcome Trust) and Richard Thomas (Information Commissioner) into the protections that must apply when personal information is shared in both the public and private sectors, is not only to establish standards and processes but also to foster a culture, throughout all government departments and the wider public sector, that values and protects the use of personal information.

The creation of such a culture will help to underpin the procedures and high level of security measures that these reviews have put in place.

Agenda

The Government needs to ensure that the systems underpinning key public services are made as secure and resilient as possible. As more and more services go online, it is vital that we ensure that the public has trust and confidence in those services. Public sector organisations must create policies and processes to minimise risks to their information and the systems in which it is handled.


08:30 Registration and Coffee
09:25 Chair’s Welcome Address
Rt. Hon Hilary Armstrong MP, Former Secretary of State, Cabinet Office
09:30

Information Assurance: A New Comprehensive Approach

  • Cultural shift: organisational and mindset change
  • Redefining processes: independent oversight, clear lines of accountability and responsibility
  • Robust security infrastructure: risk management and penetration testing
  • Data handling - working with third parties: processing and sharing personal information


Nick Coleman, Independent Reviewer, Cabinet Office (2006-2008), Author of “The Coleman Report: Protecting Government Information”

10:25

Data Management and the Criminal Justice System

  • Change management: developing clear, transparent identity management systems and procedures
  • Smart devices and data sharing: safeguarding personal information within the CJS
  • Fostering best practice through training and independent review


Mike Payne, CTO and Director of Architecture and Strategy, Ministry of Justice IT

10:50 Coffee Break and Networking
11:20

UK Border Agency: Minimising the Risk of Storing and Sharing Information

  • Context for change: what is the UK Border Agency?
  • Data-warehousing and data sharing: securing and safeguarding biometric-data
  • Cyber-security: secure networks - protecting personal information
  • Information assurance: robust authentication procedures and identity management processes
  • Creating clear, credible lines of responsibility and accountability
  • Cultural change: teams of people enable systems to function


Ben Grinnell, IST Director, UK Border Agency

11:45

Best Practice for Ensuring Sustainable Information Security Compliance

  • Culture, awareness and ownership – key elements in ensuring an effective management system
  • External certification to confirm compliance and provide assurance
  • Developing systems that accommodate change and support future requirements

Mark Dougan, Account Manager, Lloyds Register Quality Assurance Ltd

12:05 Questions and Answers Session
12:40 Lunch and Networking
13:40

NHS Connecting for Health: Protecting Personal Data

  • Minimising risk: putting in place systems and processes to protect the sharing of data
  • Realising lasting change: training, standards and procedures
  • Effective governance measures: accountability and compliance


Dr Mark Ferrar, Director of Infrastructure Architecture, NHS Connecting for Health

14:05

Information Security: Balancing Risk with Business Outcomes

  • Holistic view is necessary
  • Information at the heart of decisions
  • Good Practice Guides as the framework

Paul Briault, Head of Public Sector, RSA

14:25 Coffee Break and Networking
14:55

ContactPoint: Robust Standards to Secure Data

  • Background to ContactPoint
  • Risk management: routine training to foster a culture that respects and secures personal data
  • Information assurance: ensuring the security of the information and the integrity of the user
  • Data handling procedures – checks and balances: regular, independent reviews, inspection processes
  • Data sharing standards: providing limited, anonymised information sets


Christine Goodfellow, Programme Director, Improving Information Sharing and Management (IISaM) Programme, Department for Children, Schools and Families

15:20

Security, Integrity, Confidentiality and Data Handling

  • Towards effective data handling: developing clear standards and practices
  • Identity management: with whom are you sharing data? Overcoming internal fraud through vetting and security checks
  • Process integrity: well-trained staff, clear procedures, standards and practices


Tony Collings, Principal Director, Electronic Commerce Associates

15:40 Questions and Answers Session
16:15 Close

*programme subject to change without notice

Sponsors

LRQA

LRQA offers a broad range of management system certification, verification and training services to central and local government, defence and health sectors. LRQA have helped many public sector organisations meet their information security objectives by providing assessment services to recognised standards such as ISO 27001, ISO 20000 and ISO 9001.

RSA

RSA is the Security Division of EMC and a provider of security solutions for business acceleration.

As the chosen security partner of more than 90% of the Fortune 500, RSA help the world’s leading organisations succeed by solving their most complex and sensitive security challenges.

Exhibitors

Oxford Computer Group UK

LRQA

RSA

Audience

Delegates will include Heads of IT / IT Directors, Heads of Shared Services, Heads of Transformation, Heads of Information Compliance, Chief Technology Officers, Business Change Directors, Heads of IT Infrastructure, Heads of Information Assurance, Heads of Disaster Recovery, Technical Directors / Managers, Managers, Risk / Change Managers, Local Authority Heads, e-Learning Managers, Directors and Heads of Research and Knowledge Transfer, ICT suppliers and e-Learning providers and Heads of Procurement, central government departments & bodies, local authorities, trade unions, businesses and employers, regional development agencies, local strategic partnerships, academia and legal & voluntary and all those interested in the information security debate.


“inside government events provide unique insight into current government agendas”