
Failure to escalate MSD fault reports 'slack and sloppy' -- CEO

Stephen Bell | Nov. 5, 2012
Security risks in the Ministry of Social Development's kiosks, unambiguously identified by a team from Dimension Data subsidiary security-assessment.com in April last year, were not referred up to a manager of an appropriate level in the ministry to make a decision on repairing the vulnerability, the report by Deloitte into the breach indicates.

Computerworld asked whether further attempts at accessing information on the network without authority would be subject to criminal sanction, bearing in mind that Section 252 of the Crimes Act, prohibiting unauthorised access to a computer system, has a subsection stipulating that the clause "does not apply if a person who is authorised to access a computer system accesses that computer system for a purpose other than the one for which that person was given access." This, arguably, would apply to any beneficiaries who were allowed to access MSD terminals to pursue their job search or eligibility for benefits.

MSD chief legal advisor Rupert Ablett-Hampson said he is sure a way could be found of prosecuting people for such access if it were deemed necessary.

Institute of IT Professionals commends report

"The first report into the MSD kiosk debacle doesn't contain any significant surprises, however does confirm the underlying issues around the culture towards security in the Ministry and the failure of IT governance," says IITP CEO Paul Matthews.

"As was predicted when the breach was notified, and the report makes clear that it should never have happened and if good project management and IT governance layers were in place, the lack of action when issues were highlighted wouldn't have occurred.

"This incident highlights the need for a greater focus on IT governance and professional accountability in our profession - we look forward to continuing dialog with Government around more widespread implementation of independent professional certification of senior IT Professionals throughout Government.

"The handling of this situation should be commended, however. The Ministry acted fast to identify and isolate the issue, commissioned independent reports into what happened (and didn't try to hide the findings - even where damning) and most importantly, have set the scope of the second report to look at the contribution of the surrounding cultural issues towards security and related matters, which we believe will need to change. So a good response thus far, but the true test will be in what the Ministry does about it."

 
