2015 to April 2016 Home Office
Application Development Information Security UK
A part of my role was to undertake a Risk Assessment in the way I had undertaken for most of my time as a CLAS consultant since 2004.
The IS1 process was used as it enabled a rerun of the model for different attack scenarios in, for example, different forms of hosting, and operated as a Governance, Risk and Compliance (GRC) system.
Result: The use of IS1 was appropriate as the data set contained records of interest to the Home Office and to government agencies and helped drive the hosting of the project towards Crown Hosting in these circumstances rather than the use of public cloud hosting which would, according to the agency accreditor’s view, have pushed project risk above appetite.
GDS June 2017-July 2018 Cabinet Office Government Digital Service (GDS) Information Security Manager
I was asked to manage a security assurance project for the Cartels Behaviour Tool for the GDS client organisation: we were asked to examine this tool to verify that it was fit for purpose for sharing with and use by other government departments.
Result: This risk assessment was taken forward as a part of an assurance document set and used as the basis of remediation of risks down to the residual risk of Low in accordance with the accreditor’s assessment of the user department’s Risk Appetite.