Cyber security resilience of the Danish public sector II
SCALE
-
-
Approximately 90 of the government's IT systems are assessed to be critical by the departments.
COMPLIANCE FOCUS
-
-
Center for Cybersecurity's general recommendation for updating software
-
-
international standard for information security ISO 27001
PERFORMANCE ASPECT
-
-
risk exposure
-
-
vulnerabilities management
-
-
effectiveness of procedures
1.
Continuity
- Preparedness
The authorities have developed contingency plans for the majority of the IT systems, but the quality of the plans varies significantly. A few plans are satisfactory, whereas others, particularly the disaster recovery plans, are affected by significant shortcomings. For example, descriptions of the technical recovery of IT systems after a major IT breakdown were missing in more than half of the plans. A few of the IT systems are without contingency plans.
only a few of the contingency plans have been tested. It means that the authorities have not tested the effectiveness of the plans and do not know if the plans have the desired effect . As an example, it has not for the majority of the IT systems been tested whether they would be recoverable after a major IT incident.