Report: MSD security flaws not widespread
Thu, 06 Dec 2012 12:36p.m.
An investigation has cleared the Ministry of Social Development (MSD) of
widespread security flaws in its computer systems, but other issues have been
identified in its approach to security.
MSD ordered an investigation in October after blogger Keith Ng revealed that
public computer kiosks in Work and Income offices could be used to access
sensitive information, including details of children in care, foster parents,
lists of debtors and the name of a person who committed suicide.
The first phase of a report by Deloitte, released last month, found security
was not adequately designed into the kiosk project, and problems identified by
penetration testing were not adequately escalated or followed up.
The second phase of the report, released by MSD on Thursday, says the same
issues around security and follow-up were not evident across the ministry,
although its escalation processes need to be improved.
At the time the kiosks were tested, MSD's policies and processes didn't
require all security risk exposures to be escalated to management level - and
that remains an issue across the ministry.
The report says there are also other weaknesses in MSD's approach to security
that pose a risk, although "these weaknesses are not unusual for New Zealand
It recommended assigning leadership and accountability for information
security at a senior level - prompting MSD chief executive Brendan Boyle to
announce a new senior management position of chief information security officer
The new role will support the implementation of all of the recommendations
from the two Deloitte reports, with recruiting to begin within the next few
weeks, Mr Boyle said.
Mr Boyle also announced on Thursday that MSD is negotiating with a preferred
supplier to replace the computer kiosks with workstations "completely separate"
from the ministry's IT systems.
"The workstations will only be introduced once we're satisfied that they are
as secure as possible. All going well, we aim to roll them out from May next
year," he said.
MSD is also taking part in a review of all publicly accessible computer
systems in the public sector, which was sparked by the kiosk flaw
Post a Comment
Before commenting, please take the time to read our moderation guide
(Won't be published)
Prime Minister John Key has labelled the Labour-led Opposition the "devil beast"...
Police had to physically push anti-poverty protestors back after they tried to b...
Tonight comes the Budget announcement you didn't hear yesterday – Food for Schoo...
One major issue heading into the Budget was child poverty....
The Police Commissioner Peter Marshall has threatened to discipline any staff wh...
Copyright © 2013 MediaWorks TV. All Rights Reserved.