A pilot study investigating the process of risk assessment and re-accreditation in UK public sector systems

Bibliographic Details
Main Author: Davies, M
Format: Working paper
Language: English
Published: Cyber Security Centre, University of Oxford 2015
Description
Summary: The provision of security of information and its supporting ICT infrastructures within the UK Public Sector is long-standing and well established, underpinned by a wide range of standards and literature. For the many security practitioners that are employed in the sector, a number of important concerns have experientially emerged over several iterations of policy and standards that have been developed over time to govern this activity. The aim of this qualitative pilot study was to explore these concerns from the perspective of security practitioners employed in the sector. Data was collected from six security practitioners via semi-structured interviews. Subsequent transcripts were analysed using a Thematic Analysis approach that identified four significant themes that suggest that re-accreditation rarely occurs outside of the formal accreditation cycle, and point to the underlying reasons why this is the case.