GCIO Review of Publicly Accessible Systems
LATEST: The State Services Commissioner Iain Rennie released the Government Chief Information Officer’ s (GCIO) review of the security of publicly accessible computer systems in the State sector on 5 June 2013.
- Read the review and media release here: GCIO Review of Publicly Accessible Computer Systems (State Services Commission)
Terms of Reference
- Download a PDF version of this document (PDF, 10kb)
-
See the Department's media release (19 October 2012)
The Government Chief Information Officer (GCIO), together with an external specialist, will review policy, process and assurance information provided by departments relating to the security of publicly accessible agency systems.
1) Remit
a. The Government Chief Information Officer (“GCIO”) has been requested by the State Services Commissioner to review the security of publicly accessible systems across government
2) Purpose
a. provide Ministers with assurance on the security of publicly accessible systems
b. provide Chief Executives with advice on security improvements which can be made in the deployment and operation of such systems
3) Agencies in Scope
a. Public Service Departments, NZ Police and relevant Crown Entities
4) Matters in Scope
a. Publicly accessible systems including:
i. Kiosks or similar devices that provide public access that are connected to a government network
ii. Web servers that provide a service delivery interface
iii. Wireless networks providing access to the public
5) Approach
a. Review:
i. Lessons learned from MSD
ii. Agency self-review reports
iii. Agency documentation including:
a) Information Management security policy and practices
b) Change & Release Management processes
c) Network and Security architectures
d) Security and penetration tests and responses to those
e) Audit reports and responses to those
b. Recommend:
i. Identify systemic issues
ii. Provide assurance
iii. Provide advice on improvements
6) Timeframe
a. Draft report prepared by 27 November 2012