The UK government's well-publicised problems with information security have typically involved public servants losing copies of data, rather than fraudsters gathering it. The child benefit discs carrying 25m people's details, the memory stick with data on every prisoner and prolific offender in England and Wales, the portable hard drive with information on 1.7m armed forces personnel - all unencrypted - are as likely to be lost down the sides of desks than in the possession of criminals.
However, government organisations do have a problem with social engineering attacks on their data, and the potential for these attacks is growing as the state gathers and joins up more information on individuals.
Central government departments and agencies, particularly those with the most valuable data such as the Ministry of Defence, the Home Office and the security services, have become accustomed to attempts to access it. Ken Munro, operational director of security tester NCC SecureTest, says the greatest strength of central government is its Protective Marking System, used to classify material and specifiy how strongly it is protected. "That's where the commercial world could learn volumes from government," he says.
Source : Hack in the box