§ Dr. GibsonTo ask the Secretary of State for Defence what steps he takes to ensure the security of information held on, or transmitted via, his Department's computer system. [132145]
§ Dr. Moonie[holding answer 24 July 2000]: The Defence Manual of Security mandates the baseline security requirements, which must be met before Communications and Information Systems are allowed to handle official information. Before any IT system is allowed to operate it must obtain a security approval known as accreditation from the security authorities. Electronic protective measures that are employed include the use of firewalls to protect systems, the identification and authentication of users and audit of user activities. All Ministry of Defence staff are required to read and agree to comply with the Security Operating System for the system that they will use.
The Ministry of Defence is continuously reviewing and seeking ways to improve, both the procedural and electronic security of its systems.