° °
  • Firstline - TV3 New Zealand


    Weekdays 6am

  • 3 News - TV3 New Zealand

    3 News

    Nightly 6pm

  • Campbell Live - TV3 New Zealand

    Campbell Live

    Weekdays 7pm

  • 3rd Degree - TV3 New Zealand

    3rd Degree

    Wednesdays 8.30pm

  • The Paul Henry Show - TV3 New Zealand

    Paul Henry

    Starts 7th April

  • Three 60 - TV3 New Zealand

    Three 60

    Sundays 9.30am

  • The Nation - TV3 New Zealand

    The Nation

    Sat 9:30am / Sun 10am

Report: MSD security flaws not widespread

Thursday 6 Dec 2012 12:38 p.m.

An investigation has cleared the Ministry of Social Development (MSD) of widespread security flaws in its computer systems, but other issues have been identified in its approach to security.

MSD ordered an investigation in October after blogger Keith Ng revealed that public computer kiosks in Work and Income offices could be used to access sensitive information, including details of children in care, foster parents, lists of debtors and the name of a person who committed suicide.

The first phase of a report by Deloitte, released last month, found security was not adequately designed into the kiosk project, and problems identified by penetration testing were not adequately escalated or followed up.

The second phase of the report, released by MSD on Thursday, says the same issues around security and follow-up were not evident across the ministry, although its escalation processes need to be improved.

At the time the kiosks were tested, MSD's policies and processes didn't require all security risk exposures to be escalated to management level - and that remains an issue across the ministry.

The report says there are also other weaknesses in MSD's approach to security that pose a risk, although "these weaknesses are not unusual for New Zealand organisations".

It recommended assigning leadership and accountability for information security at a senior level - prompting MSD chief executive Brendan Boyle to announce a new senior management position of chief information security officer on Thursday.

The new role will support the implementation of all of the recommendations from the two Deloitte reports, with recruiting to begin within the next few weeks, Mr Boyle said.

Mr Boyle also announced on Thursday that MSD is negotiating with a preferred supplier to replace the computer kiosks with workstations "completely separate" from the ministry's IT systems.

"The workstations will only be introduced once we're satisfied that they are as secure as possible. All going well, we aim to roll them out from May next year," he said.

MSD is also taking part in a review of all publicly accessible computer systems in the public sector, which was sparked by the kiosk flaw revelation.


Others Are Watching

comments powered by Disqus