National Cyber Security Centre CHECK Penetration Test - Find a freedom of information request

Request

 

1.Could you please tell me whether you have had a CHECK test in i) 2016/17, ii) 2017/18 and iii) 2018/19?

 

2. Could you also tell me what cyber security do you have aside from CHECK work including the following?

 

a) User education

 

b) Other penetration tests

c) Internal security

d) Other

Decision

1. Yes Lincolnshire County Council has had a CHECK test in 2016/17,  2017/18 and  2018/19?

 

2a) User education includes mandatory annual e-learning; regular email updates; security presentations; and updates at team meetings.  

b) In addition to an annual penetration test there may be occasions when the council deems it necessary to carry out further penetration tests based on project needs or changes to infrastructure.  

c) Security management of the council's network is primarily the responsibility of our strategic partner Serco who have a number of roles in place which have responsibility for cyber security. In addition, the council have an internal Information Assurance Team and Information Management and Technology Team who also have cyber security included as part of their responsibilities.         

d) Serco, who manage the councils network, and the council have in place an information security management system which is independently certified to ISO 27001:2013.  This system considers the deployment of wide ranging technical and organisational controls designed to reduce information risk, which includes those risks generated from the cyber environment.

Reference number
FOI0427
Date request received
01 August 2019
Date of decision
29 August 2019