It’s official: Department of Defence gets secure


8 Jan 2007

The Department of Defence has become the first government department in the State to be certified for best practice to international standards in information security.

Independent audits now show that the Department of Defence conforms to the BS 7799 and IS 17799 standards, which specify the requirements for establishing, operating, maintaining and improving an information security management system.

The certificate was formally presented to Michael Howard, secretary general of the Department of Defence, and Greg McNamee, the director of IT, at a ceremony held at the department’s headquarters in the Phoenix Park.

With the award, the Department of Defence can show that adequate security controls are in place to guarantee that its information – especially anything of a sensitive nature – is protected and in line with best practice.

The process began last year and was conducted by Certification Europe, which awards the information security standard for effective e-security and physical security measures. The department also engaged the Dublin-based security consultancy Sysnet to assist with the implementation.

Michael Brophy, CEO of Certification Europe, said that protecting an organisation’s information assets is no longer just about securing hardware and software. “It’s clear that the services, processes and assets provided also need to be secure and certified as such. By achieving certification to IS17799/BS7799 the Department of Defence demonstrates its belief that information security is about having the best staff awareness and processes as well as solid technical management,” he said.

Brophy added that all organisations should put in place a comprehensive security management policy. “The department achieved this when it was awarded the BS7799 standard; however, the external and internal threats to security systems are constantly changing so it is important that such processes and procedures are evolving too,” he pointed out.

The department’s certification will last for three years. This includes being monitored every six months to ensure that its security system still operates according to the standards. At the end of this period, the department must undergo recertification to remain compliant.

By Gordon Smith