§ Mr. Colvin To ask the Secretary of State for Defence what steps his Department has taken and is taking to improve the security of its computer systems.
§ Mr. Archie Hamilton For unclassified but sensitive systems Departments are expected to follow Central Computer and Telecommunications Agency (CCTA) guidance covering all aspects of IT security, and the application of this has been tightened recently. CCTA advice is kept under continuous review and is based upon the analysis of security risks and requirements using structured methods such as the CCTA risk analysis and management methodology (CRAMM), which has also been made commercially available.
For classified systems more stringent conditions apply. MOD computer security staff continuously review the Department's computer security policy and its application to ensure that constant and adequate levels of protection are provided for those systems processing or holding classified material. In the interests of national security the nature and extent of the security countermeasures utilised to protect classified MOD computer systems cannot be revealed.