Linked Data API

Show Search Form

Search Results

1146302
registered interest false more like this
date less than 2019-09-25more like thismore than 2019-09-25
answering body
Cabinet Office more like this
answering dept id 53 remove filter
answering dept short name Cabinet Office more like this
answering dept sort name Cabinet Office more like this
hansard heading Government Departments and Infrastructure: Cybersecurity more like this
house id 2 more like this
legislature
25277
pref label House of Lords remove filter
question text To ask Her Majesty's Government what assessment they have made of the role of privileged access management in protecting the cyber security of (1) government departments, and (2) critical national infrastructure. more like this
tabling member printed
Lord Harris of Haringey remove filter
uin HL17797 more like this
answer
answer
is ministerial correction false more like this
date of answer less than 2019-10-07more like thisremove minimum value filter
answer text <p>Government departments and Critical National Infrastructure organisations are responsible for managing their own cyber risk effectively.</p><p>The high level of importance of privileged access management in cyber security is recognised by the National Cyber Security Centre (NCSC), which is the UK’s national technical authority for cyber security.</p><p>For Government, it is documented in the minimum cyber security standard in items 5 and 7. For Critical National Infrastructure (CNI) it is documented in NCSC’s Network and Information Systems guidance in section B2, and there are specific assessment criteria laid out in section B2.c of the Cyber Assessment Framework for use by cyber security regulators.</p><p>For wider industry sectors and Small and Medium Enterprises, best practice is contained in the NCSC Board Kit and 10 Steps to Cyber Security.</p><p>The Cabinet Office does not require central Government Departments to report all cyber incidents involving the misuse of privileged access credentials and so does not hold this information centrally.</p><p>However, The minimum cyber security standard outlines the communications required by a department when there is a security incident that impacts on sensitive information or key operational services. Therefore departments will only be expected to inform the Cabinet Office of an incident involving the misuse of privileged access credentials that met these criteria.</p><p> </p>
answering member printed The Earl of Courtown more like this
grouped question UIN HL17799 more like this
question first answered
less than 2019-10-07T16:09:03.507Zmore like thismore than 2019-10-07T16:09:03.507Z
answering member
3359
label Biography information for The Earl of Courtown more like this
tabling member
2671
label Biography information for Lord Harris of Haringey more like this
1146303
registered interest false more like this
date less than 2019-09-25more like thismore than 2019-09-25
answering body
Cabinet Office more like this
answering dept id 53 remove filter
answering dept short name Cabinet Office more like this
answering dept sort name Cabinet Office more like this
hansard heading Government Departments: Supply Chains more like this
house id 2 more like this
legislature
25277
pref label House of Lords remove filter
question text To ask Her Majesty's Government what steps they are taking to ensure that best practice in evaluating the cyber security of supply chains is being shared across government departments. more like this
tabling member printed
Lord Harris of Haringey remove filter
uin HL17798 more like this
answer
answer
is ministerial correction false more like this
date of answer remove maximum value filtermore like thismore than 2019-10-08
answer text <p>The government takes supply chain security seriously. The requirement to understand and manage cyber security issues arising from a department’s supply chain is detailed in Item 1 of the Minimum Cyber Security Standard.</p><p>The use of Cyber Essentials in government procurement is set out in Policy Procurement Notice 09/14. Use of Cyber Essentials demonstrates a supplier has taken necessary steps to obtain an appropriate level of cyber security.</p><p>Best practice is promoted through the advice contained in the National Cyber Security Centre and Centre for the Protection of National Infrastructure’s Supply Chain Security guidance.</p> more like this
answering member printed The Earl of Courtown more like this
question first answered
less than 2019-10-08T16:58:02.423Zmore like thismore than 2019-10-08T16:58:02.423Z
answering member
3359
label Biography information for The Earl of Courtown more like this
tabling member
2671
label Biography information for Lord Harris of Haringey more like this
1146304
registered interest false more like this
date less than 2019-09-25more like thismore than 2019-09-25
answering body
Cabinet Office more like this
answering dept id 53 remove filter
answering dept short name Cabinet Office more like this
answering dept sort name Cabinet Office more like this
hansard heading Government Departments: Cybercrime more like this
house id 2 more like this
legislature
25277
pref label House of Lords remove filter
question text To ask Her Majesty's Government how many cyber attacks against government departments have involved the misuse of privileged access credentials. more like this
tabling member printed
Lord Harris of Haringey remove filter
uin HL17799 more like this
answer
answer
is ministerial correction false more like this
date of answer less than 2019-10-07more like thisremove minimum value filter
answer text <p>Government departments and Critical National Infrastructure organisations are responsible for managing their own cyber risk effectively.</p><p>The high level of importance of privileged access management in cyber security is recognised by the National Cyber Security Centre (NCSC), which is the UK’s national technical authority for cyber security.</p><p>For Government, it is documented in the minimum cyber security standard in items 5 and 7. For Critical National Infrastructure (CNI) it is documented in NCSC’s Network and Information Systems guidance in section B2, and there are specific assessment criteria laid out in section B2.c of the Cyber Assessment Framework for use by cyber security regulators.</p><p>For wider industry sectors and Small and Medium Enterprises, best practice is contained in the NCSC Board Kit and 10 Steps to Cyber Security.</p><p>The Cabinet Office does not require central Government Departments to report all cyber incidents involving the misuse of privileged access credentials and so does not hold this information centrally.</p><p>However, The minimum cyber security standard outlines the communications required by a department when there is a security incident that impacts on sensitive information or key operational services. Therefore departments will only be expected to inform the Cabinet Office of an incident involving the misuse of privileged access credentials that met these criteria.</p><p> </p>
answering member printed The Earl of Courtown more like this
grouped question UIN HL17797 more like this
question first answered
less than 2019-10-07T16:09:03.443Zmore like thismore than 2019-10-07T16:09:03.443Z
answering member
3359
label Biography information for The Earl of Courtown more like this
tabling member
2671
label Biography information for Lord Harris of Haringey more like this