Governments across the globe have been keen to leverage the benefits that ever enhancing
technology can provide when delivering essential goods and services to their citizens. They do
however, recognise that in order to provide joined up, timely and accurate services which are
tailored to the needs of their citizens they must collect, process and store a range of personal and
sensitive personal information about the very individuals they are employed to serve.
“While the UK is not alone in its successful embrace of ICT, we are one of the leaders in using
technology in the public sector,” *CO09+ and while there are very clear and real advantages to leading
the way, there remain a number of potential risks which necessitate a carefully considered and well
implemented risk management methodology.

Recent exposure of government departments, that have fallen victim to attacks against the
information they process, means that public awareness of the dangers inherent to the electronic
processing of data, has never been so high. As a direct consequence both ministers and senior civil
servants are becoming increasingly aware of the need to maintain effective information assurance in
order to engender trust amongst their citizens; while delivering personalised public sector services in
a secure and effective manner.

Underpinning modern information systems with effective information assurance is by no means a
simple task. The research conducted throughout this project clearly demonstrates the importance
and value of accreditation and its ability to quantify and effectively manage information risk
extremely effectively within the confines of the Ministry of Defence. Unfortunately however the
changing operational environment and evolving nature of communications between the government
and its citizens does not lend itself to the traditional methods of managing information risk.
As public sector departments continue to join-up and share data in order to realise the visions of a
transformational government, there is a clear requirement to conduct a sector-wide review of
information assurance initiatives. In particular there must be a clear understanding and standardised
approach to managing risk across all public sector departments to ensure each area can clearly
articulate the risk to its information assets.

There is also little doubt that recent high profile data losses and the potential for reputational
damage to both public sector departments and political parties have led to heightened interest
surrounding information assurance. There is widespread acknowledgement that reputation is
equally, if not more important than confidentiality, integrity and availability, due to the implications
of reduced citizen confidence in public sector services and the perceived inability of political parties
to effectively manage data.

“We have become a digitally-dependant society; the days of paper systems are well and truly a thing
of the past”. *AT09+ If we are to succeed in maintaining effective information assurance across the
public sector, we must work together to face the challenges which the 21st century presents.