ministryofjustice / security-guidance

Security guidance from the MOJ Digital & Technology Cybersecurity team
https://ministryofjustice.github.io/security-guidance/

SC advice is not as strict as current Vetting Matrix #462

Open martin-ballhatchet-moj opened 9 months ago

martin-ballhatchet-moj commented 9 months ago

https://github.com/ministryofjustice/security-guidance/blob/039ddb1cfe01ce416f12fabd29e4d777601cb590/docs/minimum-user-clearance-requirements-guide.md?plain=1#L27C1-L34C43

There are a number of items that mandate SC level security clearance in the National Security Vetting Matrix (which I will not link to here as it has handling instructions that make this tricky) that are not covered in this short list.

This is important because people may be relying on the advice in this page to determine whether they need higher than BPSS clearance and are then not starting that process when they should by our own policies.

joelstobart-moj commented 1 month ago

Just to echo Martin's point here, I think this should also consider the following:

1. Privacy

Personal Data:

Does the role or data involve access to personal information of individuals within the justice system (e.g., defendants, victims, witnesses)?

Sensitive Information:

Does the data include sensitive personal information such as health records, financial details, or family information?

Data Protection Regulations:

Compliance with legal requirements

2. Safety and Security of Individuals in the Justice System

Inmates and Detainees:

Access to information about individuals in custody, their movements, and their security status.

Inmates Family Information:

Access to information about the dependents of those in custody, their movements, and their security status.

Victims and Witnesses:

Ensuring the protection of identities and personal details of victims and witnesses to prevent retaliation or intimidation.

3. Safety and Security of Staff

Employee Data:

Access to personal and professional details of MoJ staff, including their roles, responsibilities, and contact information.

Operational Security:

Information related to staff schedules, deployment, and security protocols.

4. National Security Concerns

Terrorism:

Information that may be used to determine behaviours or trends, or individuals or groups suspected or convicted of terrorism-related activities.

Serious Organised Crime:

Data concerning organised criminal gangs and their activities, including ongoing investigations and intelligence.

5. Operational Impact

System Integrity:

Access to critical systems and infrastructure that, if compromised, could disrupt justice services or operations.

Decision-Making Information:

Access to data that influences high-level decisions, policies, or legal judgments.

Amount, Scope and Data characteristics

There is also a dimension about the amount, scope and type of data access to which folks have access.

1. Scope of Data Access

Single vs. Multiple Records:

Single Record Access: Does the individual need access to only one record at a time, reducing the risk of large-scale data breaches?

Multiple Record Access: Does the individual need access to multiple records simultaneously, increasing the potential risk?

2. System-Specific Access

Single System Access: Is the access confined to a single system, limiting the exposure of data?

Multiple System Access: Does the individual need access to data across multiple systems, which could aggregate sensitive information?

3. Data Anonymisation and Pseudonymisation

Anonymised Data: Is the data anonymised in such a way that individuals cannot be identified directly or indirectly?

Pseudonymised Data: Is the data pseudonymised, where identifiable information is replaced with pseudonyms, but can potentially be re-identified?

Direct Identification: Can the user access data that includes direct identifiers like names, addresses, or social security numbers?

4. Ability to Reverse Anonymisation

Undo Anonymisation/Pseudonymisation: Can the user access data in a manner that allows for the reversal of anonymisation or pseudonymisation, leading to the identification of individuals?

5. Audit and Traceability

Audited Access: Is all data access logged and monitored, ensuring traceability and accountability for every action taken by the user?

Unaudited Access: Does the user have direct access to data without sufficient logging, making it harder to trace actions and identify breaches?

6. Data Access Permissions

Read-Only Access: Does the user have read-only access, preventing any modifications to the data?

Read-Write Access: Does the user have permissions to amend, update, or delete data, which should require a higher level of trust and security clearance?

7. Data Specificity and Sensitivity

General Data: Is the data non-specific and aggregated, posing less risk if accessed?

Highly Specific Data: Is the data highly specific and sensitive, such that individual persons can be easily identified and potentially harmed?

8. Data Manipulation and Interaction

Data Aggregation: Can the user aggregate data from different sources, potentially increasing the sensitivity and value of the information?

Data Modification: Can the user modify or interact with the data beyond simple viewing, increasing the risk of data integrity issues?