Information Security Reports and Plans

Josh Levent made this Official Information Act request to Ministry of Social Development

Waiting for an internal review by Ministry of Social Development of their handling of this request.

From: Josh Levent

Dear Ministry of Social Development,

This is a request under the Official Information Act.

In light of the recent breaches of information security at the
Ministry, I am requesting information of great public interest for
determining how such breaches have come about.

1. I request that you release all reports to the Ministry and to
the Ministry's agencies (and any staff member therein) regarding or
containing an assessment of the IT security at the Ministry and/or
any of its agencies in the last 5 years. This includes but is not
limited to:
- A report made by Dimension Data in April last year
- Any internal reports made by staff
- Any reports made by IT contractors while implementing any IT
solution operating on an MSD network
Please release the full text of these reports, who they were
submitted by, the date they were submitted, who they were submitted
to (a full list of people who received a copy of the report), and
what actions related to information security were taken as a result
(if any).

2. I request that you release all information security plans in
place over the last 5 years at the Ministry and all of its
agencies, including the full text of such plans, the date at which
such plans were adopted, the date at which they were superseded by
a newer plan, and the extent to which they comply with the
International Standards Organisation Information Security
Management Standard (AS/NZS ISO/IEC 27001:2006).

Yours faithfully,
Josh Levent

Link to this

From: OIA_Requests (MSD)
Ministry of Social Development

Dear Josh Levent

Thank you for your email received 23 October 2012, under the Official Information Act 1982. Your request has been forwarded to the appropriate officials at National office to respond. You may expect a response to be sent to you as soon as possible.

Regards
Official and Parliamentary Information team | Ministerial and Executive Services
Ministry of Social Development

-----Original Message-----
From: Josh Levent [mailto:[OIA #615 email]]
Sent: Sunday, 21 October 2012 7:05 p.m.
To: Info (MSD)
Subject: Official Information Act request - Information Security Reports and Plans

Dear Ministry of Social Development,

This is a request under the Official Information Act.

In light of the recent breaches of information security at the Ministry, I am requesting information of great public interest for determining how such breaches have come about.

1. I request that you release all reports to the Ministry and to the Ministry's agencies (and any staff member therein) regarding or containing an assessment of the IT security at the Ministry and/or any of its agencies in the last 5 years. This includes but is not limited to:
- A report made by Dimension Data in April last year
- Any internal reports made by staff
- Any reports made by IT contractors while implementing any IT solution operating on an MSD network

Please release the full text of these reports, who they were submitted by, the date they were submitted, who they were submitted
to (a full list of people who received a copy of the report), and what actions related to information security were taken as a result(if any).

2. I request that you release all information security plans in place over the last 5 years at the Ministry and all of its agencies, including the full text of such plans, the date at which such plans were adopted, the date at which they were superseded by a newer plan, and the extent to which they comply with the International Standards Organisation Information Security Management Standard (AS/NZS ISO/IEC 27001:2006).

Yours faithfully,
Josh Levent

-------------------------------------------------------------------

Please use this email address for all replies to this request: [OIA #615 email]

Is [MSD request email] the wrong address for Official Information Act requests to Ministry of Social Development? If so, please contact us using this form: http://fyi.org.nz/help/contact

Disclaimer: This message and any reply that you make will be published on the internet. Our privacy and copyright policies: http://fyi.org.nz/help/officers

If you find this service useful as an OIA officer, please ask your web manager to link to us from your organisation's FOI page.

-------------------------------------------------------------------

-------------------------------
This email and any attachments may contain information that is confidential and subject to legal privilege. If you are not the intended recipient, any use, dissemination, distribution or duplication of this email and attachments is prohibited. If you have received this email in error please notify the author immediately and erase all copies of the email and attachments. The Ministry of Social Development accepts no responsibility for changes made to this message or attachments after transmission from the Ministry.

-------------------------------

hide quoted sections

Link to this

From: OIA_Requests (MSD)
Ministry of Social Development

Dear Josh,

In order for the Ministry to provide you with the information you have
requested, please can you provide your postal address?

You can send this in confidence to [email address]

Thank you,

 

Agnes Sefo| Manager Official and Parliamentary Information 

|Ministerial and Executive Services

Ministry of Social Development|

(DDI 04 916-3823 |( Internal Ext/D2D 42823  

Email: [1][email address]

 

 

------------------------------- This email and any attachments may contain
information that is confidential and subject to legal privilege. If you
are not the intended recipient, any use, dissemination, distribution or
duplication of this email and attachments is prohibited. If you have
received this email in error please notify the author immediately and
erase all copies of the email and attachments. The Ministry of Social
Development accepts no responsibility for changes made to this message or
attachments after transmission from the Ministry.
-------------------------------

References

Visible links
1. mailto:[email address]
mailto:[email address]

Link to this

From: OIA_Requests (MSD)
Ministry of Social Development


Attachment Levent Josh Final Response dated 16 November 2012.pdf
474K Download View as HTML


Dear Mr Levent,
 
Please find enclosed a response to your Official Information Act request.
 
Kind regards,
 
Official and Parliamentary Information Team

Ministerial and Executive Services

Ministry of Social Development 

 
 

------------------------------- This email and any attachments may contain
information that is confidential and subject to legal privilege. If you
are not the intended recipient, any use, dissemination, distribution or
duplication of this email and attachments is prohibited. If you have
received this email in error please notify the author immediately and
erase all copies of the email and attachments. The Ministry of Social
Development accepts no responsibility for changes made to this message or
attachments after transmission from the Ministry.
-------------------------------

Link to this

Josh Levent left an annotation ()

I've marked this request as refused because while MSD has ostensibly responded, they have refused the vast majority of my request and only sent me one report (with sections removed), and referred me to the review by Deloitte (http://www.msd.govt.nz/documents/about-m...), which only addresses the recent Kiosk incident and not the wider issue of information security at MSD.

Link to this

From: Josh Levent

Dear Ministry of Social Development,

Please pass this on to the person who conducts Freedom of
Information reviews.

I am writing to request an internal review of Ministry of Social
Development's handling of my FOI request 'Information Security
Reports and Plans'.

My complaint relates to the following:
1. I was sent the 26/04/2011 Kiosk Review but not 2 pieces of
information relating to this review which I requested, nor a reason
why this information was witheld. This information was who the
review was made available to at MSD, and what actions were taken as
a result.
2. I was refused my request for information security plans
operating at MSD, ostensibly on the grounds of sections 6(c) and
9(2)(k) of the Official Information Act, but it is unclear how
every aspect of those plans is so sensitive as to "prejudice the
maintenance of the law", or provide someone "improper gain or
improper advantage". I humbly suggest that at the very least, broad
level aspects of such plans would do neither of these and could be
released while witholding many specific details in such plans.

A full history of my FOI request and all correspondence is
available on the Internet at this address:
http://fyi.org.nz/request/information_se...

Yours faithfully,

Josh Levent

Link to this

From: Josh Levent

Dear Marc Warner and the Official and Parliamentary Information
Team,

Thank you for your response to my OIA request.

I would like to clarify an aspect of the response I received which
is that it included only one report regarding information security
at MSD. Since I requested all reports containing a review of MSD
Information Security in the past five years, am I to conclude that
this is the only report relating to information security in the
past five years in the entire Ministry?

Yours sincerely,
Josh Levent

Link to this

Things to do with this request

Anyone:
Ministry of Social Development only: