Dáil Éireann Debate, Tuesday - 18 October 2022
499. Deputy John Lahart asked the Minister for Social Protection the total spend by her Department and the agencies under her remit on cybersecurity measures since 2019 to date in 2022; and if she will make a statement on the matter. [51180/22]
View answerMy Department has a dedicated cyber security function to manage the security of the Department’s network and information assets. My Department takes a risk-based approach to cyber security and has achieved the ISO 27001:2013 for Information Security. This standards-based approach enables teams to proactively identify areas where security can be improved, and these security improvements are funded from my Department’s overall ICT budget.
The Department implements a security-by-design and defence-in-depth approach to cyber security. Each stage of the project lifecycle from business case, funding approval, project initiation and service introduction through to the development and implementation of ICT systems and networks must pass through numerous steps to satisfy cyber security and information security policies. Accordingly, it is not possible to separately identify the cyber security and information security components of much of the IT spend for the Department or the agencies under its aegis, because security is designed into how systems and networks are developed, built and managed.
I am satisfied that my Department’s technical staff operate and monitor all of the Department’s systems to the highest levels and closely engage with experts in the Office of the Government Chief Information Officer (OGCIO) and the National Cyber Security Centre (NCSC) to ensure that best practices are followed as it relates to all aspects of cyber security. Similarly, agencies under the Department's aegis avail of central shared services which include cyber security services.
