§ Mr. Colvin
To ask the Secretary of State for Northern Ireland what steps his Department has taken, and is taking to improve the security of its computer systems.
§ Mr. Cope
For unclassified but sensitive systems, the Northern Ireland Departments and the Northern Ireland Office follow the Central Computer and Telecommunications Agency (CCTA) guidance covering all aspects of IT security. CCTA advice is based on analysis of security risks, requirements and the identification of countermeasures using the CCTA risk analysis and management methodology (CRAMM). The application of CRAMM computer security is kept under continuous review by CCTA and the Northern Ireland Departments.
Following a recent review of all unclassified but sensitive systems a number of additional security countermeasures have been introduced and action plans have been drawn up to apply further improvements where appropriate.
In addition the central information systems division, department of finance and personnel provides central support, advice and training on CRAMM to information technology staff in the Northern Ireland Departments. More stringent conditions apply to classified systems.