HMG Infosec Standard No.1
Encyclopedia
HMG Information Assurance Standard No.1, usually abbreviated to IS1, is a security
standard applied to government
computer
systems in the UK.
The standard is used to assess - and suggest responses to - technical risks to confidentiality, integrity and availability. In confidentiality terms, IS1 does not apply to information which is not protectively marked, but it may still be used for integrity and availability.
IS1 part of the Security Policy Framework
; Mandatory Requirement 32 requires UK government bodies to perform technical risk assessments using IS1; both annually, and when there is a significant change to risk (for instance when a new system is deployed).
The results of IS1 assessment, and the responses to risks, should be recorded using IS2, which concerns risk management and the accreditation
of government computer systems.
CESG
provides IS1 risk assessment tools.
Computer security
Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to...
standard applied to government
Government of the United Kingdom
Her Majesty's Government is the central government of the United Kingdom of Great Britain and Northern Ireland. The Government is led by the Prime Minister, who selects all the remaining Ministers...
computer
Computer
A computer is a programmable machine designed to sequentially and automatically carry out a sequence of arithmetic or logical operations. The particular sequence of operations can be changed readily, allowing the computer to solve more than one kind of problem...
systems in the UK.
The standard is used to assess - and suggest responses to - technical risks to confidentiality, integrity and availability. In confidentiality terms, IS1 does not apply to information which is not protectively marked, but it may still be used for integrity and availability.
IS1 part of the Security Policy Framework
Security Policy Framework
The Security Policy Framework is a set of high-level policies on security, mainly affecting the UK government and its suppliers.The SPF has 70 "mandatory requirements", which are grouped into 7 areas:*...
; Mandatory Requirement 32 requires UK government bodies to perform technical risk assessments using IS1; both annually, and when there is a significant change to risk (for instance when a new system is deployed).
The results of IS1 assessment, and the responses to risks, should be recorded using IS2, which concerns risk management and the accreditation
ITHC
An ITHC, or IT Health Check, is an IT security assessment required, as part of an accreditation process, for many government computer systems in the UK....
of government computer systems.
CESG
CESG
CESG may refer to:* The Communications-Electronics Security Group, a group within the Government Communications Headquarters.* The Canada Education Savings Grant, a Government of Canada program....
provides IS1 risk assessment tools.