Friday, 6 September 2019

Ceisteanna (1747, 1748)

Jack Chambers

Ceist:

1747. Deputy Jack Chambers asked the Minister for Rural and Community Development if there are dedicated, professionally trained and certified cybersecurity staff in relation to cybersecurity protocols under the remit of his Department; if such specialists are being recruited; if his Department maintains a risk register of security breaches; if so, if there are staff that analyse, log and maintain such a register; and if he will make a statement on the matter. [36234/19]

Amharc ar fhreagra

Jack Chambers

Ceist:

1748. Deputy Jack Chambers asked the Minister for Rural and Community Development if his Department has a disaster recovery plan, business continuity plan and or disaster recovery sites; and if he will make a statement on the matter. [36250/19]

Amharc ar fhreagra

Freagraí scríofa (Ceist ar Rural)

I propose to take Questions Nos. 1747 and 1748 together.

My Department's ICT managed service is provided by the Minister for Public Expenditure and Reform through the Office of the Government Chief Information Officer (OGCIO).

The OGCIO implements a multi-layered approach to cyber security and to protecting ICT systems, infrastructures and services. The OGCIO builds resilience into its ICT solutions as a matter of course, and has disaster recovery plans and sites in a Government Data Centre. Disaster recovery forms part of the overarching Business Continuity framework for their clients including my Department.

The OGCIO also has specialist staff, with the appropriate skills and expertise, tasked with managing cyber security. The OGCIO implements a defence-in-depth security strategy which is achieved through the effective combination of People, Processes, and Technology to support the implementation of appropriate security measures and provisions, including monitoring and analysing logs.

Our external line-of-business systems are secured behind firewalls and utilise industry-standard security protocols with disaster recovery functionality backed up by a dedicated external ICT infrastructure team. Business continuity and disaster recovery are supported through backups of data performed on a daily, weekly and monthly basis, with live replication of systems to ensure backup systems can be utilised should a problem occur. Backups are also stored off-site on a regular basis.

Finally, my Department has a comprehensive risk management structure in place and works closely with our partners in the OGCIO and external providers to manage risks relating to the availability of IT systems and data.