FOI requests reveal security training gaps
Despite high-profile breaches and a series of recommendations, government departments are still failing to meet minimum IT security training requirements.
Many government departments are still failing to meet minimum IT security training requirements, according to responses released today to a Freedom of Information (FOI) Act request.
Following numerous high-profile data breaches, a review of data handling procedures by Cabinet Secretary Gus O'Donnell, published in February last year, committed all departments to the introduction of mandatory learning risk awareness training.
Each department should have put the additional training in place by October 2008. But the FOI enquiries made the following month by learning provider Firebrand Training found that several departments had yet to implement the rules.
The Department for Children, Schools and Families confirmed it had no mandatory IT security training in place at all. PC users are only required to acknowledge their compliance with the department's security and acceptable use policies when they log in.
And the Department for Communities and Local Government reported that employees are issued with an induction pack upon employment, but do not receive any formal training, either via learning tools or traditional classroom-based learning methods.
The report also stated that staff who handle personal data must undergo annual refresher training. But according to the FOI responses, only two out of 14 departments said they had delivered on this mandate.
The Foreign & Commonwealth Office, for example, does operate a five-year refresher training policy. All departments confirmed plans to offer such classes during 2009. But still eleven departments revealed they had no form of refresher training currently in place.
Robert Chapman, Firebrand Training chief executive, said it was a disappointing - but unsurprising - indication that the government was still failing in its commitments to data protection.
"The education of employees is essential to any organisation's security," he said, adding: "We rely far too heavily on IT departments. It is clear that inadequate training and inconsistency between departments has produced a naiveté among government employees."
A 25-year veteran enterprise technology expert, Miya Knights applies her deep understanding of technology gained through her journalism career to both her role as a consultant and as director at Retail Technology Magazine, which she helped shape over the past 17 years. Miya was educated at Oxford University, earning a master’s degree in English.
Her role as a journalist has seen her write for many of the leading technology publishers in the UK such as ITPro, TechWeekEurope, CIO UK, Computer Weekly, and also a number of national newspapers including The Times, Independent, and Financial Times.