The Dartford Bridge was closed, again, because of high winds, so I had another long journey to the office, but still arrived in good time for my 30 seconds of fame - being interviewed about the Socitm role for Thursday's Newham Today intranet newscast.
The Chief Executive chaired the RMEPG (Risk Management & Emergency Planning Group) meeting. Unfortunately, our corporate risk manager was a little late because of the gridlock caused by the Dartford Bridge closure. Chris suggested we start future meetings at 11, so she has time to get in! We agreed to revisit our readiness for the long overdue flu pandemic.
The group also agreed our ICT Security principles, all of which are supported by detailed policy based on the ISO 27001 standard:
1. One hundred percent security is impossible; 99% security may be possible, but it is too expensive in terms of effort, money, time and productivity. However good our systems, we are always reliant upon human nature, which may result in security being compromised, whether through negligence or criminal intent. It is therefore essential that stakeholders understand the need for vigilance, and that breaches can be rapidly identified and repaired.
2. The goal is reasonable and adequate security with reasonable and sustainable effort. How we define "reasonable" depends on the value of the information we are aiming to protect. We have to understand what we are protecting and the realistic threats. This can only be achieved by carrying out comprehensive risk assessments of breaches of confidentiality, availability and integrity.
3. Information should only be shared through systems specifically designed for the purpose.
It is recognised that in the short term there may be urgent requirements to share information where an appropriate information-sharing system is not available. For the time being, in such cases the information security officer will grant temporary (time-limited) permission to share information using other secure mechanisms such as secure FTP (assuming compliance with legislative and ethical requirements).
4. The best security is provided by a defence in depth strategy (several layers of security to counter the threats and vulnerabilities).
This afternoon I attended a joint Socitm/Intellect Local Government Suppliers Group meeting at Russell Square. Before Christmas, I agreed to give a 45-minute presentation at this meeting on local government views on service oriented architecture (SOA)... then forgot all about it.
I did some frantic preparation yesterday, based on material that Microsoft provided me, linking SOA to innovation and ICT/business partnerships. The presentation was much less than 45 minutes, but there were plenty of questions, which enabled me to expound my views about using ICT effectively.
In the evening I attended a CW500 meeting. John Suffolk - the Government CIO - was the speaker. John was actually quite inspiring. He spoke about "digital natives" - anyone born since 1984 - who, now they are moving into business, will totally change the ways we work. Proclaiming ignorance of ICT, he said, is akin to admitting that you can't read or write.
He made a very good point about why technology doesn't mean that all systems have to be constantly re-engineered or upgraded, referring to ATMs, which are little changed since their inception in the 1970s.