| answer text |
<p>Like all major government departments, the Home Office assesses threat from a range
of different threat actors. The department uses this information to inform its risk
assessments and action plans, both operational and tactical. Risk assessments are
updated periodically and whenever a change in the perceived threat is noted.</p><p>The
Home Office utilises a tiered system of risk assessment covering tactical (system
level), operational (business level) and strategic (departmental level) cyber security
risks. The Executive Committee has direct visibility of the Department’s strategic
cyber security risk and mitigation plans.</p><p>The Home Office deploys a range of
controls designed to provide defence in depth for our systems, which are modelled
against the advice provided by the National Cyber Security Centre and the Government’s
Minimum Cyber Security Standard. The status of these controls is under continual review
by the Office of the Chief Information Security Officer, which routinely works with
delivery teams to ensure that controls are practical, applicable and effective.</p><p>Robust
cyber security capability requires continued funding and the availability of suitably
qualified and experienced personnel. The Office of the Chief Information Security
Officer is resourced for the requirements identified for FY 2021-22, balancing the
need for investment against cost effectiveness for the tax payer.</p>
|
|
