ISO standard puts Caerphilly LA ahead on security

Caerphilly County Borough Council has been selected as one of the pilot sites for a secure network to link government departments, after a three-month programme to step up its internal security.

Caerphilly County Borough Council has been selected as one of the pilot sites for a secure network to link government departments, after a three-month programme to step up its internal security.

The Government Connect Secure Extranet (GCSX) requires local authorites to meet stringent security standards concerning storing data on portable media, creating full audit trail of their use and ensuring that the storage media is tamper proof.

But Caerphilly was able to meet the stringent security standards needed to join the network in just over three months, after signing up to the interational security code of practice.

ISO 27001

"Some local authorities struggle with GCSX compliance because it requires input from many different areas of IT," said Vernon Coles, IT security officer for Caerphilly CBC. "But compliance with ISO 27001 meant that we already had the answers to many of the questions for GCSX compliance," he said.

The council's IT department realised it needed to improve security around portable storage months ahead of the introduction of the GCSX standard.

"Compliance with ISO 27001 requires regular risk assessments, which led us to begin considering endpoint security about two years ago," said Coles.

After searching for suitable technologies, Caerphilly rolled out data leakage prevention technology from Safend system across its desktop and laptop computers.

"This gave us a complete picture of all the removable devices in use and the files written to them since the computers were commissioned," said Turner.

The council followed the project with a programme to raise awareness of staff on the safe use of removable storage devices.

It ran a USB amnesty, offering to replacing unauthorised devices with Caerphilly CBC-branded, Safend-encrypted USB sticks. And it explained the importance of encryption on these devices to protect users if the devices were lost or stolen.

"Users appreciate the importance of taking pre-emptive steps to protect the authority and its employees from any damaging loss of data," said Turner.

"With this system in place, no-one has to worry about being named and shamed in the press for data breaches," he said Coles.

Local authorities that failed to meet the GCSX deadline of 31 March 2009 are expected to be ready for connection to the network by the end of September.


Securing Caerphilly CBC 
 Vernon Coles, IT security officer for Caerphilly CBC, shelved a plan to beef-up the security of its portable storage devices for a year, after being unable to find a solution which complied with the government's criteria.
 He was only able to find five suppliers that met the criteria for the government's secure GCSX network.
 Caerphilly chose an endpoint data leakage prevention system from software supplier Safend following an independent penetration testing report.
 Wayne Turner, network development officer for Caerphilly CBC said: "Both products met the criteria, but the testing report said Safend had the edge."
 "Penetration testing is routine part of our technology procurement process," said Coles.





Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT governance



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:




  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...