Information Security: Summary Report

Background

Information is at the heart of the operation of any organisation. It must be held securely because it can be sensitive, commercially confidential or subject to legal constraints. At the same time there are increased and new threats as organisations and individuals seek to access data for criminal or malicious reasons.

Scope

The review focussed on identifying and evaluating the corporate approach to information security across the States and within a sample of Departments.

A detailed report has been issued to management, recommendations have been agreed and steps are being taken to implement those recommendations.

Conclusions

The States of Jersey are embarking on an ambitious reform programme, re-engineering the way services are delivered, including an ambitious e-government programme. Changes to ways of working, changes to information systems, increased outsourcing and greater use of the internet all increase the risks of information security breaches.

More needs to be done to move information security from being seen as primarily a technical issue to one of importance to everyone. The States need to be confident that:

• a new, inclusive and corporate approach to information security is adopted so that information security is embedded in ways of working throughout the States; and
• sufficient appropriate skills and resources are in place to manage the threats and vulnerabilities.