By Gordon Smith
The Department of Defence has become the first government department in
the State to be certified for best practice to international standards
in information security.
Independent audits now show that the Department of Defence conforms to
the BS 7799 and IS 17799 standards which specify the requirements for
establishing, operating, maintaining and improving an information
security management system.
The certificate was formally presented to Michael Howard, secretary
general of the Department of Defence, and Greg McNamee, the director of
IT, at a ceremony held at the department's headquarters in the Phoenix
By having the award, the Department of Defence can show that adequate
security controls are in place to guarantee that its information,
especially anything of a sensitive nature, is protected and in line with
The process began last year and was conducted by Certification Europe,
which awards the information security standard for effective e-security
and physical security measures. The department also engaged the
Dublin-based security consultancy Sysnet to assist with the
Michael Brophy, CEO of Certification Europe, said that protecting an
organisation's information assets is no longer just about securing
hardware and software. It's clear that the services, processes and assets
provided also need to be secure and certified as such. By achieving
certification to IS17799/BS7799 the Department of Defence demonstrates
its belief that information security is about having the best staff
awareness and processes as well as solid technical management, he said.
Brophy added that all organisations should put in place a comprehensive
security management policy. The department achieved this when it was
awarded the BS7799 standard; however, the external and internal threats
to security systems are constantly changing so it is important that such
processes and procedures are evolving too, he pointed out.
The department's certification will last for three years. This includes
being monitored every six months to ensure that its security system
still operates according to the standards. At the end of this period,
the department must undergo recertification to remain compliant.