Thank you for your email.

We are currently experiencing a high volume of enquiries. Please see below
for answers to some of our most common enquiries.

Walk-ins

We have allowed for a limited number of walk-ins in our daily visitor
capacity. These tickets are allocated on a first-come-first-served basis.
If the time slot is fully booked when you arrive you may have to wait a
short while to be admitted. Our Welcome Team work hard to accommodate all
our visitors and we thank you in advance for your patience and
understanding.

Tickets

For tickets from 8th September please use the booking link below: 

[1]Royal Armouries Museum Leeds | 8 - 30 September Tickets, Multiple Dates
| Eventbrite

Please note that we are closed on Monday and Tuesday during school term
time.

Cancelling and rebooking

If you are unable to visit and need to cancel and/or rebook you can
amend/cancel your booking through Eventbrite. Find Order Summary on your
original booking confirmation from Eventbrite and select Manage your
booking online.

If your enquiry is for Fort Nelson then please
contact: fn[Royal Armouries request email]

If you have emailed about something other than booking a visit we will get
back to you as soon as we can.

Best wishes

The Visitor Services Team

 [2][IMG]

References

Visible links
1. https://www.eventbrite.co.uk/e/royal-arm...
2. http://royalarmouries.org/

Dear Gloria

Thank you for your email. I shall forward this to a colleague to retrieve
and answers to your questions, and let you have a response within 20
working days.

Philip Abbott

Archives and Records Manager

════════════════════════════════════════════════════════════════════════

From: Gloria Zimba <[1][FOI #815548 email]>
Sent: Monday, December 13, 2021 10:08 AM
To: Enquiries <[2][email address]>
Subject: Freedom of Information request - Information Technology Request

[You don't often get email from
[3][FOI #815548 email]. Learn why this is important
at [4]http://aka.ms/LearnAboutSenderIdentifica...

Dear Royal Armouries,

I am writing to make an open government request for all the information to
which I am entitled under the Freedom of Information Act 2000.

Please forward responses to the attached questions below.

I would like the above information to be provided to me as an electronic
document.

If this request is too wide or unclear, I would be grateful if you could
contact me as I understand that under the Act, you are required to advise
and assist requesters. If any of this information is already in the public
domain, please can you direct me to it, with page references and URLs if
necessary.

If the release of any of this information is prohibited on the grounds of
breach of confidence, I ask that you supply me with copies of the
confidentiality agreement and remind you that information should not be
treated as confidential if such an agreement has not been signed.

I understand that you are required to respond to my request within the 20
working days after you receive this letter. I would be grateful if you
could confirm in writing that you have received this request.

I look forward to hearing from you.

Yours faithfully,

Gloria Zimba.

1.      Do you have a formal IT security strategy? (Please provide a link
to the strategy)

A)      Yes

B)      No

2.      Does this strategy specifically address the monitoring of network
attached device configurations to identify any malicious or non-malicious
change to the device configuration?

A)      Yes

B)      No

C)      Don’t know

3.      If yes to Question 2, how do you manage this identification
process – is it:

A)      Totally automated – all configuration changes are identified and
flagged without manual intervention.

B)      Semi-automated – it’s a mixture of manual processes and tools that
help track and identify configuration changes.

C)      Mainly manual – most elements of the identification of
configuration changes are manual.

4.      Have you ever encountered a situation where user services have
been disrupted due to an accidental/non malicious change that had been
made to a device configuration?

A)      Yes

B)      No

C)      Don’t know

5.      If a piece of malware was maliciously uploaded to a device on your
network, how quickly do you think it would be identified and isolated?

A)      Immediately

B)      Within days

C)      Within weeks

D)      Not sure

6.      How many devices do you have attached to your network that require
monitoring?

A)      Physical Servers: record number

B)      PC’s & Notebooks: record number

7.      Have you ever discovered devices attached to the network that you
weren’t previously aware of?

A)      Yes

B)      No

If yes, how do you manage this identification process – is it:

A)      Totally automated – all device configuration changes are
identified and flagged without manual intervention.

B)      Semi-automated – it’s a mixture of manual processes and tools that
help track and identify unplanned device configuration changes.

C)      Mainly manual – most elements of the identification of unexpected
device configuration changes are manual.

8.      How many physical devices (IP’s) do you have attached to your
network that require monitoring for configuration vulnerabilities?

Record Number:

9.      Have you suffered any external security attacks that have used
malware on a network attached device to help breach your security
measures?

A)      Never

B)      Not in the last 1-12 months

C)      Not in the last 12-36 months

10.     Have you ever experienced service disruption to users due to an
accidental, non-malicious change being made to device configurations?

A)      Never

B)      Not in the last 1-12 months

C)      Not in the last 12-36 months

11.     When a scheduled audit takes place for the likes of PSN or Cyber
Essentials, how likely are you to get significant numbers of audit fails
relating to the status of the IT infrastructure?

A)      Never

B)      Occasionally

C)      Frequently

D)      Always

-------------------------------------------------------------------

Please use this email address for all replies to this request:

[5][FOI #815548 email]

Is [6][Royal Armouries request email] the wrong address for Freedom of
Information requests to Royal Armouries? If so, please contact us using
this form:

[7]https://www.whatdotheyknow.com/change_re...

Disclaimer: This message and any reply that you make will be published on
the internet. Our privacy and copyright policies:

[8]https://www.whatdotheyknow.com/help/offi...

For more detailed guidance on safely disclosing information, read the
latest advice from the ICO:

[9]https://www.whatdotheyknow.com/help/ico-...

Please note that in some cases publication of requests and responses will
be delayed.

If you find this service useful as an FOI officer, please ask your web
manager to link to us from your organisation's FOI page.

-------------------------------------------------------------------

References

Visible links
1. mailto:[FOI #815548 email]
2. mailto:[email address]
3. mailto:[FOI #815548 email]
4. http://aka.ms/LearnAboutSenderIdentifica...
5. mailto:[FOI #815548 email]
6. mailto:[Royal Armouries request email]
7. https://www.whatdotheyknow.com/change_re...
8. https://www.whatdotheyknow.com/help/offi...
9. https://www.whatdotheyknow.com/help/ico-...

Please find below the information requested:

 1. B - No
 2. C – Don’t know (strategy is currently a work in progress)
 3. N/A
 4. A - Yes
 5. A – Immediately
 6. As below:

 a. 11
 b. 169

 7. B – No
 8. 125
 9. A – Never
10. This is the same question as question 4 so please see Q4 response.
11. B - Occasionally   

Philip Abbott
Archives and Records Manager

══════════════════════════════════════════════════════════════════════════

From: Gloria Zimba <[FOI #815548 email]>
Sent: Monday, December 13, 2021 10:08 AM
To: Enquiries <[email address]>
Subject: Freedom of Information request - Information Technology Request
 
[You don't often get email from
[FOI #815548 email]. Learn why this is important at
[1]http://aka.ms/LearnAboutSenderIdentifica...

Dear Royal Armouries,

I am writing to make an open government request for all the information to
which I am entitled under the Freedom of Information Act 2000.

Please forward responses to the attached questions below.

I would like the above information to be provided to me as an electronic
document.

If this request is too wide or unclear, I would be grateful if you could
contact me as I understand that under the Act, you are required to advise
and assist requesters. If any of this information is already in the public
domain, please can you direct me to it, with page references and URLs if
necessary.

If the release of any of this information is prohibited on the grounds of
breach of confidence, I ask that you supply me with copies of the
confidentiality agreement and remind you that information should not be
treated as confidential if such an agreement has not been signed.

I understand that you are required to respond to my request within the 20
working days after you receive this letter. I would be grateful if you
could confirm in writing that you have received this request.

I look forward to hearing from you.

Yours faithfully,

Gloria Zimba.

1.      Do you have a formal IT security strategy? (Please provide a link
to the strategy)

A)      Yes

B)      No

2.      Does this strategy specifically address the monitoring of network
attached device configurations to identify any malicious or non-malicious
change to the device configuration?

A)      Yes

B)      No

C)      Don’t know

3.      If yes to Question 2, how do you manage this identification
process – is it:

A)      Totally automated – all configuration changes are identified and
flagged without manual intervention.

B)      Semi-automated – it’s a mixture of manual processes and tools that
help track and identify configuration changes.

C)      Mainly manual – most elements of the identification of
configuration changes are manual.

4.      Have you ever encountered a situation where user services have
been disrupted due to an accidental/non malicious change that had been
made to a device configuration?

A)      Yes

B)      No

C)      Don’t know

5.      If a piece of malware was maliciously uploaded to a device on your
network, how quickly do you think it would be identified and isolated?

A)      Immediately

B)      Within days

C)      Within weeks

D)      Not sure

6.      How many devices do you have attached to your network that require
monitoring?

A)      Physical Servers: record number

B)      PC’s & Notebooks: record number

7.      Have you ever discovered devices attached to the network that you
weren’t previously aware of?

A)      Yes

B)      No

If yes, how do you manage this identification process – is it:

A)      Totally automated – all device configuration changes are
identified and flagged without manual intervention.

B)      Semi-automated – it’s a mixture of manual processes and tools that
help track and identify unplanned device configuration changes.

C)      Mainly manual – most elements of the identification of unexpected
device configuration changes are manual.

8.      How many physical devices (IP’s) do you have attached to your
network that require monitoring for configuration vulnerabilities?

Record Number:

9.      Have you suffered any external security attacks that have used
malware on a network attached device to help breach your security
measures?

A)      Never

B)      Not in the last 1-12 months

C)      Not in the last 12-36 months

10.     Have you ever experienced service disruption to users due to an
accidental, non-malicious change being made to device configurations?

A)      Never

B)      Not in the last 1-12 months

C)      Not in the last 12-36 months

11.     When a scheduled audit takes place for the likes of PSN or Cyber
Essentials, how likely are you to get significant numbers of audit fails
relating to the status of the IT infrastructure?

A)      Never

B)      Occasionally

C)      Frequently

D)      Always

-------------------------------------------------------------------

Please use this email address for all replies to this request:

[FOI #815548 email]

Is [Royal Armouries request email] the wrong address for Freedom of Information
requests to Royal Armouries? If so, please contact us using this form:

[2]https://www.whatdotheyknow.com/change_re...

Disclaimer: This message and any reply that you make will be published on
the internet. Our privacy and copyright policies:

[3]https://www.whatdotheyknow.com/help/offi...

For more detailed guidance on safely disclosing information, read the
latest advice from the ICO:

[4]https://www.whatdotheyknow.com/help/ico-...

Please note that in some cases publication of requests and responses will
be delayed.

If you find this service useful as an FOI officer, please ask your web
manager to link to us from your organisation's FOI page.

-------------------------------------------------------------------

References

Visible links
1. http://aka.ms/LearnAboutSenderIdentifica...
2. https://www.whatdotheyknow.com/change_re...
3. https://www.whatdotheyknow.com/help/offi...
4. https://www.whatdotheyknow.com/help/ico-...