This review, announced by the ministry’s Chief Executive, Brendan Boyle, follows on from a number of high-profile security breaches.
These breaches occurred when a blogger was able to access thousands of personal files, including background about children at risk, adoption arrangements, foster parents, and citizens that owed money to the ministry.
This data was accessed from kiosks managed by Work and Income New Zealand (WINZ) under the auspices of the Ministry of Social Development. This access exposed major gaps in how citizen data is managed, as well as vulnerabilities across the system.
The Ministry of Social Development’s information security review is being led by an independent accounting firm. This firm will examine computer network security in two phases, according to Brendan Boyle.
“The review will happen in two phases,” he said. “The first will deal with the immediate issue regarding the security of our public kiosks.”
As a start, the agency will look more closely at how and why the latest security breaches occurred, and remedial steps that need to be taken.
The second phase involves taking a broader look at security across all the ministry’s information technology systems. This review will examine current policies, as well as governance and cultural issues.
“This second phase will take longer and more work needs to be done on the scope of this part of the review. Our immediate aim is to resolve any security problems and restore public confidence in our systems,” Mr Boyle said.
Ministry officials noted that, following on from breaches at compromised kiosks, staff took “immediate steps” to secure systems. They closed down 700 kiosks and also locked vulnerable servers. Overall administration is supported by 1500 servers.
Staff also established that information in one server, the National Accounting Centre server, was more readily accessed. This server contained information about invoices. Some of these invoices held private client information as part of explanatory notes.
In other developments, New Zealand’s Minister for Social Development, Paula Bennett, noted that it was “disturbing” that an IT company had identified a major security hole in WINZ’s systems more than a year ago.
However, these concerns were not addressed at the time. The most recent breaches reflect on earlier red flags, Minister Bennett observed. “What we now need to work out is was [the report] acted on, how was it acted on and obviously it wasn’t well enough or we wouldn’t be in this situation today.”
---
Autor(en)/Author(s): Shahida Sweeney
Quelle/Source: futureGov, 16.10.2012
Bitte besuchen Sie/Please visit:
