Competition Commission uses ethical hacker to test data systems

The Competition Commission has used ethical hacking to test electronic document management systems before choosing a product.

The government organisation, which conducts inquiries into mergers, markets and the regulation of the major regulated industries, has rolled out Wisdom from Diagonal Solutions to create an auditable and secure repository of structured and unstructured data.

With mergers worth billions of pounds depending on the commission's decisions, it could be a target for industrial hacking, said Brian Sallery, the organisation's head of information services.

"We are slightly neurotic about security, in the nicest possible way. We hired a professional ethical hacker to see what a malicious internal user could do to the system, since this is the greatest threat. We ranked products against what the hacker could do."

The Competition Commission requires stringent document governance because companies that do not agree with its decisions can appeal to an independent body.

Although such instances are rare, the commission has to be able to present all its documentation in relation to the case, the audit trails associated with them, and be able to guarantee the authenticity of those documents.

The new system not only fulfils this statutory requirement, it also places all commission documents in a single, searchable repository, enabling greater efficiency, Sallery said.

However, IT procurement was only a small part of the project. "The organisational challenge is probably 80% of the project, picking a product is almost the easy bit," he said.

"The challenge is winning the hearts and minds of the users and convincing them this is the direction for the organisation and that they will benefit."

Sallery advised organisations embarking on large-scale governance projects to have a business plan that delivers benefits, not just legislative requirements, and to ensure end-users had the correct expectations. "Sometimes users' expectations are set too high. They should understand this is not all going to be easy, it might get difficult for a while, but it will be worth it," he said.


Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

COMMENTS powered by Disqus  //  Commenting policy