Cyber Scotland Week - People

The last day of our Scottish Cyber Security week brings us to the most important topic and the one we all play a part in - ‘People’.

Who looks after all the information, data and systems that the council owns and holds?

The Council's IT team

Our IT team looks after:

• The servers that run the systems you use
• The network that allows you to access the systems when you need to
• Security devices on the network that protect you and the systems you use
• Patching and upgrading the systems and network to make sure they're available
• Making sure there's enough storage for the data we hold
• Making sure the data we hold is properly and securely backed up
• Replacing out of date devices
• Troubleshooting and fixing reported problems
• Advising staff on IT issues

The Information Governance team

Gavin Mitchell our Data Protection Officer Paul Kesterton our Information Governance Officer are responsible for:

• Our Records Management Policy, Data Protection Policy and other information related policies
• Ensuring we meet the standards required to interact with other public sector bodies
• Ensuring that our Records Management systems are working properly Responsible for training and guidance materials
• Providing professional advice to managers and staff
• Providing professional assurance to project teams

Information Security and Cyber Security

Tony Whenman our Information Security Officer and is responsible for:

Our Information Security, Information Systems Management Policy and other Information Security and Cyber Security policies

• Independent security testing of our systems and network
• Ensuring we meet the standards required to interact with other public sector bodies
• Managing our Public Services Network (PSN) accreditation Responsible for training and guidance materials
• Providing professional advice to managers and staff
• Providing professional assurance to project teams

Information Risk Ownership and Leadership

Karen Greaves is our Senior Information Risk Owner (SIRO). This is one of the most senior roles in the Council, with overall responsibility for our information.

Trading Standards

Additionally, these roles are complemented by the excellent work of the Council’s Trading Standards Manager, Gary Foubister, who supports our community, highlighting scams and raising awareness to the public. Via the Orkney Scam Action Group, Gary works with colleagues in the Police and other partner agencies, publishes articles in The Orcadian and via the Orkney Scam Action Group Facebook page, and visits communities, raising awareness and tackling cybercrime.

You.

And last but definitely not least, you the OIC staff. You are our first line of defence against security breaches. We rely on your professional standards, prompt reporting of suspicious incidents and accidental breaches, and general care and attention to handling the information we hold on behalf of the public. We really couldn't do it without you.

I hope you have found our daily bulletins this Cyber Scotland Week of interest – and please if you have any questions do not hesitate to ask.

Very Best Regards,

Thomas Aldred, ICT Services Manager