Dáil Éireann Debate, Tuesday - 21 November 2023
537. Deputy Louise O'Reilly asked the Minister for Health how many staff members in his Department have received training in cyber security in the past three years; what types of cyber security training programmes have been conducted; if he will provide details of these programmes; and of the staff trained in cyber security, how many have obtained accredited cyber security qualifications. [50800/23]
View answer538. Deputy Louise O'Reilly asked the Minister for Health the expenditure on cyber security consultants and companies within his Department in the past three years; if his Department engaged in cyber security audits with outside firms in the past three years; if so, the expenditure on same; the amount his Department spent on cyber security consultants and companies in the past three years; and for a breakdown of these expenditures by year and type of service provided [50818/23]
View answer539. Deputy Louise O'Reilly asked the Minister for Health if there are any ongoing contracts or commitments with cyber security firms; and if details can be provided [50836/23]
View answer540. Deputy Louise O'Reilly asked the Minister for Health if his Department has a policy and plan in place to address a ransomware attack and restore his Department's IT systems. [50854/23]
View answerI propose to take Questions Nos. 537, 538, 539 and 540 together.
My Department implements a multi-layered approach to cyber security and to protecting our ICT systems, data and infrastructure.
Comprehensive arrangements are in place to support ICT security through specialised software to mitigate against malicious threats, and to provide early warning notifications of same. Incident response plans are in place and systems are fully monitored, providing for a rapid response to any notified incidents. We also receive regular advice on these matters from the relevant authorities including the National Cyber Security Centre and the Office of the Government Chief Information Officer.
Contracts are in place with external parties to provide preventative controls and expertise. The expertise and qualifications of the staff in our ICT Unit covers a broad range of capabilities including Computer Science, Application Development and Cyber Security. The Deputy will understand that it is not the practice, for sound operational and security reasons, to disclose the detail of these arrangements.
All staff working in my Department are provided with a structured Cyber Security Awareness Training programme. Regular cyber security awareness communications are also issued to all staff.
