Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request Approval to Publish Security Breach Policy #200

Open
warmanaMOJ opened this issue Aug 13, 2021 · 5 comments
Open

Request Approval to Publish Security Breach Policy #200

warmanaMOJ opened this issue Aug 13, 2021 · 5 comments
Assignees
@cybersquirrel

Comments

@warmanaMOJ
Copy link
Contributor

Hello @cybersquirrel

(cc @L-Crosby FYI )

Please may I request approval to publish new Security Breach Policy documentation? The material has been supplied by Group Security; the current draft (preview here) has been checked by them.

A full set of the changes proposed in this publication can be seen here.

Many thanks.
@cybersquirrel
Copy link
Contributor

Hello,

Thanks for sharing this. A few comments:

  • I think this doc should be approved not just by me, but should go to the ISR board, as it is setting out (at a high level admittedly) sanctions for breaching policy, plus the mechanism that this will flow through (i.e. that each business area sets its own threshold and mechanism within the outline framework).
  • Style: why is it a 'corporate security breach policy' and not 'security breach policy'?
  • Minor: I think we should link to the things we are saying need to be complied with - e.g. the Civil Service Code of Conduct.
  • Minor: I don't understand the "particularly Palace of Westminster passes" as those aren't ours; should this be phrased as "including passes provided by other organisations, such as Palace of Westminster passes"?
  • Sharing IT passwords is a tricky one, given we currently force job share users to do this. How about 'unauthorised password sharing' to cover this scenario, and things where we have single accounts for things like social media?

Could we discuss the approval piece please?

Many thanks,

Jon.

@warmanaMOJ
Copy link
Contributor Author

Hello @cybersquirrel

Thank you for your feedback.

A fresh version of the draft content has been uploaded, addressing your much appreciated points. For example, the explanation regarding Palace of Westminster passes is included. The changes have been checked with Group Security.

Thanks again.

@cybersquirrel
Copy link
Contributor

Was this change deployed? I am happy with it.

@warmanaMOJ
Copy link
Contributor Author

Hello @cybersquirrel

(FYI @L-Crosby )

Following the recent feedback reviews, we've updated the draft content. Please may I request approval to publish this content?

A full set of the changes introduced in this publication may be seen here.

Many thanks.

@L-Crosby
Copy link
Contributor

Approved.

warmanaMOJ added a commit that referenced this issue Jan 12, 2022
@warmanaMOJ
Publication approved: #200
f3222c1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cybersquirrel cybersquirrel

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@warmanaMOJ @cybersquirrel @L-Crosby