PARLIAMENTARY QUESTIONS
QUESTION NO.: 798
Mr S J F Marais (DA) to ask the Minister for the Public Service and Administration:
- Whether her department has identified measures to deal with cyber security concerns; if not, why not; if so;
- Whether his department has developed a policy framework in this regard; if not, why not; if so, what are the relevant details;
- Whether the department has begun implementation of the policy framework; if not, why not; if so, what are the relevant details? NW969E
- (1) & (2) The DPSA is working on a three pronged strategy in dealing with information security in the public service, which is synonymous with Cyber Security.
- Not yet. The department is still consulting on both the Public Service Information Security Policy and the Minimum Information Security Standards Framework. Once this process has been completed and the policies finalised, I will approach cabinet for concurrence.
REPLY
(a) The Department of Public Service and Administration, the State Security Agency, the Special Investigations Unit and the State IT Agency are jointly developing a common vulnerability assessment methodology for the public service.
(b) The DPSA has identified the need for a common policy on information security across the public service. Using the ISO17799 standard on information security, the DPSA is currently developing the Public Service Information Security Policy aimed at ensuring the protection of government, business and citizen information in its custody or safekeeping by safeguarding its confidentiality, integrity and availability.
The policy is in its draft phase, and has been circulated widely for comment and review. It is envisaged that this policy will be presented to Cabinet for approval within the first quarter of the 2012/2013 financial year.
(c) The Information Security Policy will be complimented by an Information Security Standards Framework.