HMG Infosec Standard No.1
   HOME

TheInfoList



Click Here for Items Related To - HMG Infosec Standard No.1
OR:
HMG Infosec Standard No.1 on:   [Wikipedia]   [Google]   [Amazon]

HMG Information Assurance Standard No.1, usually abbreviated to IS1, was a
security Security is protection from, or resilience against, potential harm (or other unwanted coercive change) caused by others, by restraining the freedom of others to act. Beneficiaries (technically referents) of security may be of persons and social ...
standard applied to government
computer A computer is a machine that can be programmed to Execution (computing), carry out sequences of arithmetic or logical operations (computation) automatically. Modern digital electronic computers can perform generic sets of operations known as C ...
systems in the UK. The standard was used to assess – and suggest responses to – technical risks to the confidentiality, integrity and availability of government information. The modelling technique used in the standard was an adaptation of Domain Based Security. In confidentiality terms, IS1 did not apply to information which was not protectively marked, but it may still have been used to assess risks to the integrity and availability of such information. The UK Cabinet Office
Security Policy Framework The Security Policy Framework (or "SPF") is a set of high-level policies on security, mainly affecting the UK government and its suppliers. The structure has changed over time. Version 11 was published in October 2013; it has 20 "Mandatory Requirem ...
requires that all ICT systems that manage government information or that are interconnected to them are assessed to identify technical risks. IS1 was the standard method for doing this and was mandated by previous versions of the Security Policy Framework, but other methods may now be used. The results of an IS1 assessment, and the responses to risks, was recorded using HMG Information Assurance Standard No.2, usually abbreviated to IS2, which concerned risk management and was relevant to the accreditation of government computer systems. CESG provides IS1 risk assessment tools.


Example

An HMG IS2 Full Accreditation Statement based on an HMG IS1 ITSHC (IT Security Health Check) by Deloitte and subsequent remediation by Recipero of its interface between Recipero's NMPR and the UK government's PNC, which are systems used to track mobile devices for law enforcement purposes was posted publicly. A public HMG IS2 Full Accreditation Statement based on an actual ITSHC (by Deloitte in this case) puts the auditor's reputation on the line, in a way that a confidential statement does not.


See also

*
Cyber Essentials Cyber Essentials is a United Kingdom certification scheme designed to show an organisation has a minimum level of protection in cyber security through annual assessments to maintain certification. Backed by the UK government and overseen by the ...
* Information assurance * Joint Services Publication 440 *
Infosec Standard 5 HMG Infosec Standard 5, or IS5, is a data destruction standard used by the British government. Context IS5 is part of a larger family of IT security standards published by CESG; it is referred to by the more general Infosec Standard No.1. IS5 is ...


References

{{DEFAULTSORT:Hmg Infosec Standard No.1 Classified information in the United Kingdom Information assurance standards IT risk management