Information is power…
MQA personnel include several information technology professionals who were involved in research into artificial intelligence, encryption and decryption as well as the design and development of computer hardware and software. Thus, we are aware that computers are capable of playing chess at the highest level, diagnosis of diseases and real time translation of natural languages. However, computer systems lack common sense and have the intelligence of a 2 year old human child.
Thus Information Technology cannot guarantee security of information. While suppliers of hardware and software incorporate features which deter unauthorised access, Information Technology is incapable of preventing a determined hacker from gaining access to data stored in computer systems which are connected to networks and the internet.
Security of Information is dependent on the diligence of the users of that information. Users of Information Technology should carefully define and agree Service Level Agreements with their IT suppliers who are responsible for the products supplied.
Certification to ISO 27001 provides useful guidelines designed to achieve a degree of confidence that a company applies diligence to the information it holds. However, it cannot guarantee that the information is one hundred percent secure.
Possibly the securest information is handwritten in large, heavy ledgers which are locked into a safe built into the walls of a vault which is securely locked (!)
Remember that visiting salespersons are trained to read documents upside down, recognise competitors’ logos on pens and spot gifts and literature from a competitor. Staff use of the internet carries considerable risk of cyber-attack and it is essential at all times to be aware of the identity of anyone or any organisation which is accessing your computer systems via networks including the Internet.
The greatest risk is human. The leaving of a laptop, without password protected access, on a train; the walking with legible documents tucked under the arm whilst a photographer takes a picture which can be enlarged to read secret information; careless talk; the handwritten note flushed down the loo and collected in the drains from a secure room situation. It’s not rocket science, it is considerate procedure and due care that keeps data safe.