In 2006 my Department published a comprehensive set of IT and Information Systems security polices and standards, covering a wide range of issues including the security of portable electronic devices. These policies are published on my Department's Intranet and are presented to all new entrants to my Department as part of an induction training programme.
One of these policies concerns the implementation of laptop encryption and consequently a project is already well underway within my Department to apply whole disk encryption to all laptops. The majority of existing laptops have already been encrypted and the target is to have all remaining laptops encrypted by year-end. All new laptops are being encrypted before they are issued to officers. In addition encrypted USB flash drives are provided to officers who have a requirement to carry data on such devices and my Department is hoping to introduce centralised USB port control on PCs and laptops in 2009.
Many officers within my Department use Blackberry devices for access to email while out of the office. It is my Department's policy to invoke the facility to remotely erase all data from a BlackBerry device as soon as it is reported missing, and immediately cancel the subscription with the service provider. Last year my Department, conducted a comprehensive review of ICT security across the Department and its Offices. The findings of the report now form a significant part of my Department's new ICT Strategy (2008-2010) which focuses on ensuring continuity of ICT availability including increased security awareness of users, additional process and technological controls and ongoing inclusion of security considerations as part of a project's planning process. This strategy is available on my Department's website.
My Department recognises that ensuring the security of sensitive and personal information is an ongoing process. Accordingly my Department will review and update its policies, procedures and technologies as deemed necessary to ensure continuous improvements in securing such data. A key component of information security is user awareness and so a security awareness programme is currently underway in my Department, involving newsletters, workshops and presentations to staff along with reminders of ICT usage policies and regulations.