Details of the Request
The questions concern cybersecurity within your IT environment.
1. Are you aware of the Minimum Cyber Security Standard, published 25th June 2018?
2. What is your annual dedicated budget for cybersecurity (including personnel and technology)? *
- £10,000 or less
- £10,001 - £50,000
- £50,001 - £100,000
- £100,001 - £500,000
- £500,001 - £1,000,000
- £1,000,001 - £5,000,000
- £5,000,001 - £10,000,000
- £10,000,001 or more
3. Approximately how many cyber-attacks (of any kind) have you experienced in your organisation in these 12-month periods?
- 1st January 2017 – 31st December 2017
- 1st January 2018 – 31st December 2018
- 1 – 50
- 50 – 100
- 100 – 200
- 200 – 500
- 500 -1000
4. Which of the following attack / cybersecurity threat types have been detected by your organisation? [Select all that apply]
- Accidental/careless insider threat
- Malicious insider threat
- Foreign governments
- Crypto mining
5. Which of the following form part of your cybersecurity defence technology strategy?
- Antivirus software
- Network device monitoring
- DNS filtering
- Malware protection
- Log management
- Network configuration management
- Patch management
- Network traffic analysis
- Multi-factor authentication
- Network perimeter security solutions
- Employee training (whole organisation)
- Employee training (IT team)
6. Which of these obstacles has your organisation experienced in maintaining or improving IT security?
- Competing priorities and other initiatives
- Budget constraints
- Lack of manpower
- Lack of technical solutions available at my agency
- Complexity of internal environment
- Lack of training for personnel
- Inadequate collaboration with other internal teams or departments
Details of the Response
The Trust does not hold this information.
Questions 2 to 6
The Trust holds this information, but considers it is exempt from disclosure under Section 31.1g)Law Enforcement where disclosure would be likely to prejudice the exercise by any public authority of its functions for any of the purposes specified in subsection 2.
AND Section 38 Health & Safety where disclosure would endanger the physical or mental health or safety of any individual.