HMG departments and agencies now put proposals to reform working practices out to tender as a matter of course. Key terms of reference within the proposals will focus upon the use of mobile computing, and private sector partners will seek to advise upon and offer solutions that facilitate mobile working. Within the UK care and justice environment, for example, such initiatives seek to allow designated staff to work in the community directly with offenders and ex-offenders, focusing on key government objectives in order to cut reoffending and reduce the number of people in custodial and non-custodial sentence plans. However, the innovative, pragmatic approaches to security and obvious efficiency gains of such mobile working projects are being vetoed by HMG security and accreditation regimes, which have a much lower risk appetite.
HMG security and accreditation policies and guidance, such as the Security Policy Framework (including Information Assurance Standards, Good Practice Guides and Architectural Patterns) and the Public Services Network (PSN) and End User Devices Security and Configuration Guidance, all provide the information and mandates needed to assess and implement a risk balanced approach to deploying mobile devices within a wider technical solution.
“HMG security and accreditation schemes, when misinterpreted, used out of context or not used to correctly analyse the business requirements under the relevant threat model, can be seen as the nay-sayers of the risk management lifecycle and fail to move with the times. The irony is that in taking such a risk averse stance government security standards authorities are failing to fulfil their remit. They are failing to empower public servants, failing to encourage public/private partnerships, failing to embrace more efficient and cost effective ways of working and are ultimately failing the taxpayer by shackling staff to their desks,” states Nigel Wilkinson, Lead Consultant, Auriga.
Nigel further states: “With the introduction of the new Government Classification Scheme on 2 April 2014, this risk averse approach is only likely to increase, as data and risk owners are already struggling to understand the boundaries of technical control to be implemented on traditional systems let alone the concerns they may have with BYOD and Mobile Devices. A recently released FAQ describing management activities concerning information risk at the new ‘OFFICIAL’
Auriga Consulting Ltd (Auriga) is an expert consultancy specialising in Data Management, Information Assurance, Corporate Governance, Business Process Modelling, Analysis, ICT and Security. We advocate data as the most valuable part of your business and combine superior security and assurance knowledge with a wealth of business management consultancy and efficiency skills. Using a unique set of methodologies we embed security by overlaying it onto business process and analysing data.
Auriga reported a turnover of more than £1 million in its first full year of trading, cementing its reputation as one of the most dynamic and versatile solutions providers in the marketplace today. We have worked on some of the most demanding projects in the UK for customers from the public and private sectors, advising upon the architectures and business processes adopted for the G-Cloud project, NHS and social services databases, and leading the BSi’s largest audited UK organisation successfully through ISO 27001. To find out more, please go to www.aurigaconsulting.com or follow us on Twitter @AurigaConsult.