RE: Oops

["David Harley" <david.a.harley () gmail com>]

I hazarded a guess in November re the HMRC snafu that:

> I'd guess that the "public face of government" doesn't know 
> about the quality of the encryption. There are applicable 
> guidelines and standards prescribed by central government, 
> but they won't necessarily even be accessible at junior (or 
> even senior) level in a specific department. The UK 
> government (in the sense of the permanent establishment 
> rather than the prevailing party-in-power) has an entrenched 
> culture of secrecy which often works against it. 

Today, I read in the Register that:

"HMRC restricted details of its security procedures to senior officials, it
has emerged, just weeks after the department pilloried a junior official for
loading the UK's child benefit database onto CDs which were then lost.

The department had a detailed manual covering procedures for handling the
benefits database and other sensitive information. However, the manual
itself was considered too sensitive to be widely distributed, so it was
restricted to civil servants only, The Guardian reports."

Sigh...

More at http://www.theregister.co.uk/2007/12/17/hmrc_manual/.


--
David Harley
AVIEN Administrator: http://www.avien.org 
http://www.smallblue-greenworld.co.uk  


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.