Friday, 6 September 2019

Questions (440)

Jack Chambers


440. Deputy Jack Chambers asked the Minister for Education and Skills if there are dedicated, professionally trained and certified cybersecurity staff in relation to cybersecurity protocols under the remit of his Department; if such specialists are being recruited; if his Department maintains a risk register of security breaches; if so, if there are staff who analyse, log and maintain such a register; and if he will make a statement on the matter. [36226/19]

View answer

Written answers (Question to Education)

The Department’s cybersecurity services are primarily provided by expert external service providers. In addition to this, personnel from the Department’s ICT unit hold qualifications and attend relevant ICT training courses.  A risk register is maintained of ICT risks and security breaches are handled as part of the Incident Management process and in accordance with data breach guidance from the Data Protection Unit within the Department.  Risks are continuously logged in the risk register and the risks are analysed as part of the operation of the Information Security Governance Committee whose purpose is to oversee the implementation, ongoing operation and governance of effective measures to protect the Department’s information held on ICT systems.  The committee is chaired by a Management Board member and is comprised of Management Board members, Principal Officers and Assistant Principal Officers.