Information Technology Request

The request was refused by Gravesham Borough Council.

Dear Gravesham Borough Council,

I am writing to make an open government request for all the information to which I am entitled under the Freedom of Information Act 2000.

Please forward responses to the attached questions below.

I would like the above information to be provided to me as an electronic document.
If this request is too wide or unclear, I would be grateful if you could contact me as I understand that under the Act, you are required to advise and assist requesters. If any of this information is already in the public domain, please can you direct me to it, with page references and URLs if necessary.

If the release of any of this information is prohibited on the grounds of breach of confidence, I ask that you supply me with copies of the confidentiality agreement and remind you that information should not be treated as confidential if such an agreement has not been signed.
I understand that you are required to respond to my request within the 20 working days after you receive this letter. I would be grateful if you could confirm in writing that you have received this request.

I look forward to hearing from you.

Yours faithfully,

Gloria Zimba.

1. Do you have a formal IT security strategy? (Please provide a link to the strategy)

A) Yes
B) No

2. Does this strategy specifically address the monitoring of network attached device configurations to identify any malicious or non-malicious change to the device configuration?

A) Yes
B) No
C) Don’t know

3. If yes to Question 2, how do you manage this identification process – is it:

A) Totally automated – all configuration changes are identified and flagged without manual intervention.
B) Semi-automated – it’s a mixture of manual processes and tools that help track and identify configuration changes.
C) Mainly manual – most elements of the identification of configuration changes are manual.

4. Have you ever encountered a situation where user services have been disrupted due to an accidental/non malicious change that had been made to a device configuration?

A) Yes
B) No
C) Don’t know

5. If a piece of malware was maliciously uploaded to a device on your network, how quickly do you think it would be identified and isolated?

A) Immediately
B) Within days
C) Within weeks
D) Not sure

6. How many devices do you have attached to your network that require monitoring?

A) Physical Servers: record number
B) PC’s & Notebooks: record number

7. Have you ever discovered devices attached to the network that you weren’t previously aware of?

A) Yes
B) No

If yes, how do you manage this identification process – is it:

A) Totally automated – all device configuration changes are identified and flagged without manual intervention.
B) Semi-automated – it’s a mixture of manual processes and tools that help track and identify unplanned device configuration changes.
C) Mainly manual – most elements of the identification of unexpected device configuration changes are manual.

8. How many physical devices (IP’s) do you have attached to your network that require monitoring for configuration vulnerabilities?

Record Number:

9. Have you suffered any external security attacks that have used malware on a network attached device to help breach your security measures?

A) Never
B) Not in the last 1-12 months
C) Not in the last 12-36 months

10. Have you ever experienced service disruption to users due to an accidental, non-malicious change being made to device configurations?

A) Never
B) Not in the last 1-12 months
C) Not in the last 12-36 months

11. When a scheduled audit takes place for the likes of PSN or Cyber Essentials, how likely are you to get significant numbers of audit fails relating to the status of the IT infrastructure?

A) Never
B) Occasionally
C) Frequently
D) Always

foi, Gravesham Borough Council

Dear Customer,

Thank you for contacting Gravesham Borough Council.
Please note that we have a Shared Information Governance Team between
Gravesham Borough Council and Medway Council with effect from 1st April
2018. Your email has been forwarded on to the Shared Information
Governance Team.
This is an automated response to acknowledge your email has been received.
If this is an initial request for information under the Freedom of
Information Act 2000 or Environmental Information Regulations 2004, you
can expect to receive a response within 20 working days.
If your email relates to a current request for information, your email
will be forwarded to the relevant case officer.
Should your email be because you are dissatisfied with the way we have
processed your request the Council has an internal review process and your
email will be forwarded to the Information Governance section for review,
you should receive a response within 20 working days.
If you remain dissatisfied you have the right to appeal to the Information
Commissioners' Office (ICO) www.ico.org.uk/concerns
Thank you

freedomgravesham,

Dear Customer,

 

Thank you for contacting Gravesham Borough Council. This response is to
acknowledge your email has been received. If this is an initial request
for information under the Freedom of Information Act 2000 or Environmental
Information Regulations 2004, you can expect to receive a response within
20 working days.

 

If your email relates to a current request for information, your email
will be forwarded to the relevant case officer.

 

Should your email be because you are dissatisfied with the way we have
processed your request the Council has an internal review process and your
email will be forwarded to the Information Governance Team for review, you
should receive a response within 20 working days.

 

If you remain dissatisfied you have the right to appeal to the Information
Commissioners' Office (ICO) [1]www.ico.org.uk/concerns.

 

Yours Sincerely

 

Richie McNicol

Information Governance Officer

Legal Services - Medway Council & Gravesham Borough Council

Tel: 01634 33(5143)

Gun Wharf, Dock Road, Chatham, ME4 4RT

 

Check out the [2]ICO guidance on Information Sharing Agreements

 

I am currently working from home Mon –Fri.

 

This Email, and any attachments, may contain Protected or Restricted
information and is intended solely for the individual to whom it is
addressed.  It may contain sensitive or protectively marked material and
should be handled accordingly.

Nothing in this email message amounts to a contractual or other legal
commitment on the part of Medway Council and Gravesham Borough Council. If
this Email has been misdirected, please notify the author immediately. If
you are not the intended recipient you must not disclose, distribute,
copy, print or rely on any of the information contained in it or attached,
and all copies must be deleted immediately.

Whilst we take reasonable steps to try to identify any software viruses,
any attachments to this Email may nevertheless contain viruses which our
anti-virus software has failed to identify. You should therefore carry out
your own anti-virus checks before opening any documents. Medway Council
and Gravesham Borough Council will not accept any liability for damage
caused by computer viruses emanating from any attachment or other document
supplied with this e-mail.

All Medway Council and Gravesham Borough Council and PSN traffic may be
subject to recording and / or monitoring in accordance with relevant
legislation.

 

 

 

 

Our Ref: DocumentOwner\GFOI-018343\DocumentRef

 

 

show quoted sections

Everden, Darren, Gravesham Borough Council

1 Attachment

Dear Gloria Zimba,

 

Please find attached the response to your recent Freedom of Information
request.

 

Should you have any further enquiries about this request, please send all
correspondence to [1][Gravesham Borough Council request email].

 

Regards,

 

Darren Everden
Assistant Director (IT and Transformation)
Gravesham Borough Council
Tel. 01474 33 72 40
e-mail. [2][email address]
Gravesham Borough Council - Delivering for the Community

Please consider the environment before printing this email

 

 

References

Visible links
1. mailto:[Gravesham Borough Council request email]
2. blocked::mailto:[email address] mailto:[email address]
file:///tmp/blocked::mailto:[email address]