funsec mailing list archives
RE: Oops
From: "David Harley" <david.a.harley () gmail com>
Date: Mon, 17 Dec 2007 14:04:50 -0000
I hazarded a guess in November re the HMRC snafu that:
I'd guess that the "public face of government" doesn't know about the quality of the encryption. There are applicable guidelines and standards prescribed by central government, but they won't necessarily even be accessible at junior (or even senior) level in a specific department. The UK government (in the sense of the permanent establishment rather than the prevailing party-in-power) has an entrenched culture of secrecy which often works against it.
Today, I read in the Register that: "HMRC restricted details of its security procedures to senior officials, it has emerged, just weeks after the department pilloried a junior official for loading the UK's child benefit database onto CDs which were then lost. The department had a detailed manual covering procedures for handling the benefits database and other sensitive information. However, the manual itself was considered too sensitive to be widely distributed, so it was restricted to civil servants only, The Guardian reports." Sigh... More at http://www.theregister.co.uk/2007/12/17/hmrc_manual/. -- David Harley AVIEN Administrator: http://www.avien.org http://www.smallblue-greenworld.co.uk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- RE: Oops, (continued)
- RE: Oops David Harley (Nov 23)
- RE: Oops David Harley (Nov 21)