You've thrown down the gauntlet and I accept the challenge....But let's put the problem into context first. Both private and public sector have had equally disastrous data breaches of late. From RBS Worldpay late last year to this month's 2nd hit on Monster.com. From whichever stance either of us take both private and public have the growing embarrassment of large scale, technology facilitated (but often people and process faulted), and hugely costly information security breaches. My humble opinion has always been that both private and public sector are both in this together and as equally challenged as each other in all the same people, process and technological areas.
The difference becomes clearer when we look at levels of capability maturity in the supporting infrastructure and capacity and I believe that the public sector is head and shoulders above and beyond anything the private sector is doing, or has done in this regard. From the early foresight and initial sponsorship of the development of BS7799 - Information Security Management System to the on-going work of CESG, the National Technical Authority for Information Assurance, the public sector has a long history of investment in, and understanding of, the needs and requirements of robust information security solutions in the widest sense.
Lets face it, information security and information risk management in particular is a young, emerging, and by it's very nature evolving discipline that has only just started to be better understood and appreciated as we all comes to terms with being an information and information infrastructure dependent economy. What better place to be than an environment with a history of coming to terms with these problems and putting in place real solutions, rather than the 'security theatre' that is often seen in the private sector?
Over to you Stuart for your retort.....
