Cybersecurity Policy

For operational and security reasons, public bodies are advised by the National Cyber Security Centre not to disclose details of systems and processes which could in any way compromise cyber security measures in place in those bodies. In particular, it is not considered appropriate to disclose information which might assist criminals to identify potential vulnerabilities in departmental cybersecurity arrangements. This limits the level of information which can be provided in the public domain in relation to cyber security training and/or qualifications.

All staff working in my Department are provided with periodic cyber security awareness communications. This is supported by information and awareness sessions in relation to cyber security which are provided regularly by staff of the ICT Unit or with support from external cybersecurity experts.

The ICT Unit in my Department is currently in the process of reviewing its internal cyber security training offering to Departmental staff and this will continue to be updated in line with best practice guidance.

In relation to specialist cyber security training, Departmental staff within the ICT Unit who hold responsibilities in relation to cyber security and related technical areas areas undertake a range of professional and related training courses in relation to cyber security.

In this regard, Departmental staff are provided with financial and other support (for example paid study leave) to support them to undertake ongoing professional development. While it is not appropriate for security and confidentiality reasons to disclose details in relation to individual staff members, examples of specific training areas undertaken by staff in recent years have included structured taught courses in Cyber-Security and Ethical Hacking.