Information Security Reports and Plans
Josh Levent made this Official Information request to Ministry of Social Development
Waiting for an internal review by Ministry of Social Development of their handling of this request.
From: Josh Levent
Dear Ministry of Social Development,
This is a request under the Official Information Act.
In light of the recent breaches of information security at the Ministry, I am requesting information of great public interest for determining how such breaches have come about.
1. I request that you release all reports to the Ministry and to the Ministry's agencies (and any staff member therein) regarding or containing an assessment of the IT security at the Ministry and/or any of its agencies in the last 5 years. This includes but is not limited to:
- A report made by Dimension Data in April last year
- Any internal reports made by staff
- Any reports made by IT contractors while implementing any IT solution operating on an MSD network
Please release the full text of these reports, who they were submitted by, the date they were submitted, who they were submitted to (a full list of people who received a copy of the report), and what actions related to information security were taken as a result (if any).
2. I request that you release all information security plans in place over the last 5 years at the Ministry and all of its agencies, including the full text of such plans, the date at which such plans were adopted, the date at which they were superseded by a newer plan, and the extent to which they comply with the International Standards Organisation Information Security Management Standard (AS/NZS ISO/IEC 27001:2006).
Yours faithfully,
Josh Levent
From: OIA_Requests (MSD)
Ministry of Social Development
Dear Josh Levent
Thank you for your email received 23 October 2012, under the Official Information Act 1982. Your request has been forwarded to the appropriate officials at National office to respond. You may expect a response to be sent to you as soon as possible.
Regards
Official and Parliamentary Information team | Ministerial and Executive Services
Ministry of Social Development
-----Original Message-----
From: Josh Levent [mailto:[OIA #615 email]]
Sent: Sunday, 21 October 2012 7:05 p.m.
To: Info (MSD)
Subject: Official Information Act request - Information Security Reports and Plans
Dear Ministry of Social Development,
This is a request under the Official Information Act.
In light of the recent breaches of information security at the Ministry, I am requesting information of great public interest for determining how such breaches have come about.
1. I request that you release all reports to the Ministry and to the Ministry's agencies (and any staff member therein) regarding or containing an assessment of the IT security at the Ministry and/or any of its agencies in the last 5 years. This includes but is not limited to:
- A report made by Dimension Data in April last year
- Any internal reports made by staff
- Any reports made by IT contractors while implementing any IT solution operating on an MSD network
Please release the full text of these reports, who they were submitted by, the date they were submitted, who they were submitted
to (a full list of people who received a copy of the report), and what actions related to information security were taken as a result(if any).
2. I request that you release all information security plans in place over the last 5 years at the Ministry and all of its agencies, including the full text of such plans, the date at which such plans were adopted, the date at which they were superseded by a newer plan, and the extent to which they comply with the International Standards Organisation Information Security Management Standard (AS/NZS ISO/IEC 27001:2006).
Yours faithfully,
Josh Levent
-------------------------------------------------------------------
Please use this email address for all replies to this request: [OIA #615 email]
Is [MSD request email] the wrong address for Official Information Act requests to Ministry of Social Development? If so, please contact us using this form: http://fyi.org.nz/help/contact
Disclaimer: This message and any reply that you make will be published on the internet. Our privacy and copyright policies: http://fyi.org.nz/help/officers
If you find this service useful as an OIA officer, please ask your web manager to link to us from your organisation's FOI page.
-------------------------------------------------------------------
-------------------------------
This email and any attachments may contain information that is confidential and subject to legal privilege. If you are not the intended recipient, any use, dissemination, distribution or duplication of this email and attachments is prohibited. If you have received this email in error please notify the author immediately and erase all copies of the email and attachments. The Ministry of Social Development accepts no responsibility for changes made to this message or attachments after transmission from the Ministry.
-------------------------------
hide quoted sections
From: OIA_Requests (MSD)
Ministry of Social Development
Dear Josh,
In order for the Ministry to provide you with the information you have
requested, please can you provide your postal address?
You can send this in confidence to [email address]
Thank you,
Agnes Sefo| Manager Official and Parliamentary Information
|Ministerial and Executive Services
Ministry of Social Development|
(DDI 04 916-3823 |( Internal Ext/D2D 42823
Email: [1][email address]
------------------------------- This email and any attachments may contain
information that is confidential and subject to legal privilege. If you
are not the intended recipient, any use, dissemination, distribution or
duplication of this email and attachments is prohibited. If you have
received this email in error please notify the author immediately and
erase all copies of the email and attachments. The Ministry of Social
Development accepts no responsibility for changes made to this message or
attachments after transmission from the Ministry.
-------------------------------
References
Visible links
1. mailto:[email address]
mailto:[email address]
From: OIA_Requests (MSD)
Ministry of Social Development
Dear Mr Levent,
Please find enclosed a response to your Official Information Act request.
Kind regards,
Official and Parliamentary Information Team
Ministerial and Executive Services
Ministry of Social Development
------------------------------- This email and any attachments may contain
information that is confidential and subject to legal privilege. If you
are not the intended recipient, any use, dissemination, distribution or
duplication of this email and attachments is prohibited. If you have
received this email in error please notify the author immediately and
erase all copies of the email and attachments. The Ministry of Social
Development accepts no responsibility for changes made to this message or
attachments after transmission from the Ministry.
-------------------------------
From: Josh Levent
Dear Ministry of Social Development,
Please pass this on to the person who conducts Freedom of Information reviews.
I am writing to request an internal review of Ministry of Social Development's handling of my FOI request 'Information Security Reports and Plans'.
My complaint relates to the following:
1. I was sent the 26/04/2011 Kiosk Review but not 2 pieces of information relating to this review which I requested, nor a reason why this information was witheld. This information was who the review was made available to at MSD, and what actions were taken as a result.
2. I was refused my request for information security plans operating at MSD, ostensibly on the grounds of sections 6(c) and 9(2)(k) of the Official Information Act, but it is unclear how every aspect of those plans is so sensitive as to "prejudice the maintenance of the law", or provide someone "improper gain or improper advantage". I humbly suggest that at the very least, broad level aspects of such plans would do neither of these and could be released while witholding many specific details in such plans.
A full history of my FOI request and all correspondence is available on the Internet at this address:
http://fyi.org.nz/request/information_se...
Yours faithfully,
Josh Levent
From: Josh Levent
Dear Marc Warner and the Official and Parliamentary Information Team,
Thank you for your response to my OIA request.
I would like to clarify an aspect of the response I received which is that it included only one report regarding information security at MSD. Since I requested all reports containing a review of MSD Information Security in the past five years, am I to conclude that this is the only report relating to information security in the past five years in the entire Ministry?
Yours sincerely,
Josh Levent
Things to do with this request
- Add an annotation (to help the requester or others)
- Download a zip file of all correspondence
Josh Levent left an annotation ()
I've marked this request as refused because while MSD has ostensibly responded, they have refused the vast majority of my request and only sent me one report (with sections removed), and referred me to the review by Deloitte (http://www.msd.govt.nz/documents/about-m...), which only addresses the recent Kiosk incident and not the wider issue of information security at MSD.
Link to this