STE WILLIAMS

Lincolnshire cops to chuck £200m at G4S in ICT deal

Lincolnshire police authority has made security specialist G4S its preferred bidder in an outsourcing deal that will include ICT, back office and command and control and could be developed into a shared service for other police forces in the country.

The company is on course to land a 10-year, strategic partnership contract valued at more than £200m. It beat off competition from a partnership between Steria and Reliance Security to win the deal.

In the business support sector G4S will deliver services for ICT, HR, learning and development, assets and facilities management, finance and procurement and support. Operational services will include managing the force control room, the custody and identification unit, town enquiry officers, the crime management bureau, the central ticket office and collisions unit, the criminal justice unit, firearms licensing and the resource management unit.

In a joint statement, the police authority chairman Barry Young and Chief Constable Richard Crompton said the move is intended to support a transformation in the force aimed at providing savings that can be invested in areas such as IT infrastructure.

“The subsequent streamlining of processes will free up officer time to concentrate on operational policing,” they said.

“The partnership deal has the widest scope of any for policing in the country and is now open to other authorities. The Lincolnshire model is the new benchmark; underpinning the future of local policing and investing in new technologies and services.

“If additional authorities decide to obtain services through the contract, they could be provided from Lincolnshire – potentially giving a boost to local employment.” Ten other police authorities attached their names to the original tender document in the Official Journal of the European Union.

This article was originally published at Guardian Government Computing.

Guardian Government Computing is a business division of Guardian Professional, and covers the latest news and analysis of public sector technology. For updates on public sector IT, join the Government Computing Network here.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/23/lincolnshire_cops_to_outsource_to_g4s/

Facebook scams now spread by dodgy browser plug-ins

Con men have developed a new approach towards spreading scams on Facebook.

Instead of using status updates as a lure, the latest generation of Facebook scams attempts to trick marks into installing malicious browser extensions. The plug-ins are supposedly needed to view non-existent video clips purportedly posted by an earlier victim.

Once installed, these malign browser add-ons spread the scam from one user’s profile to others’ profiles.

Elad Sharf, security researcher at Websense Security Labs, explains: “Scam pages typically utilise social engineering tricks such as enticing you with videos or a free voucher. In this new scam you’re encouraged to install a browser plugin.

“The plugin is an integral part of how the scam is spread and has the ability to propagate by posting in your name on friends’ pages. As much as these offers look tempting, if you’re asked to install plug-ins in order to get vouchers or watch a video – remember it could be a trick to spread scams, spam and malware.”

The bogus extensions come as add-ons for both Firefox and Chrome. More details of the scam, including screenshots, can be found in a blog post by Websense here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/22/browser_plug_in_facebook_scam/

Android Trojan spams tribute to Arab Spring martyr

Hacktivists have released a manipulated version of a popular Android app to commemorate a Tunisian man whose suicide triggered anti-government protests in his country a year ago.

Street fruit’n’veg vendor Mohamed Bouazizi, 26, set himself on fire after local government officials refused to meet him and discuss his grievances. Bouazizi’s self-immolation propelled Tunisians’ general frustration with their politicians into a wave of protests that forced out President Zine El Abidine Ben Ali in early January. Ben Ali was the first Middle East dictator to be turfed out of office by the “Arab Spring” protest movement that spread to Egypt, Libya and elsewhere in the Middle East.

Altered versions of popular Android app Al Salah, which calculates prayer times and orientates believers towards Mecca, have begun appearing on forums dedicated to Middle Eastern issues. The Trojanised builds of the software send links to a tribute to Bouazizi as SMS messages to everyone on the contact list of an infected phone. This process occurs silently, in the background, leaving victims none the wiser that anything has happened and certainly not asking for permission to spread the “martyr’s message”.

Analysis of the twiddled app by Symantec suggests it doesn’t do anything especially malign. Curiously, if an infected phone is located in Bahrain, the application attempts to download a PDF file onto a smartphone’s SD card.

“The PDF file was examined and does not contain any malicious code or exploits,” writes Symantec’s Irfan Asrar. “The report itself is a fact-finding inquiry by the Bahrain Independent Commission of Inquiry on allegations of human rights violations.

“There has been a lot of discussion regarding the impact of the internet, social media, and even the availability of cheap cell phones on the uprisings in the Middle East. In a way, this threat is a testament to the rise of Hacktivism 2.0.”

Symantec’s Norton Mobile Security detects the threat as Android-Arspam.

Self-immolation as a form of extreme political protest is a centuries-old tradition in some cultures. A number of Buddhist monks, including most famously Thich Quang Duc, set fire to themselves as a protest against the persecution of Buddhists under the Roman Catholic administration of South Vietnam. The practice spread to the former Soviet bloc, with the self-immolation of Czech student Jan Palach, and more recently to the Middle East and North Africa. Bouazizi’s death inspired a number of copycat protests both in Tunisia and Egypt and elsewhere. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/22/android_trojan_maytyr/

Clever patching keeps the system serviceable

It was the kind of day most systems administrators would like to forget. A customer of Canadian security consultant David Lewis, founder of the Liquidmatrix Security Digest, had decided to roll out a software patch to a Symantec product.

Unfortunately, the firm didn’t check the patch as well as it could have and the tweak disabled its firewalls.

Patch management looks easy but can cause nightmares if not handled properly, says Lewis, who warns that companies should never rely completely on automation.

“You will always need a human element,” he says.

The patch management challenge intensifies as the number of applications in an enterprise grows. Microsoft’s update service does a good job of looking after its own applications, but takes you only so far.

Third-party applications are harder to pinpoint and manage, and they represent roughly two-thirds of the problem. In 2010, 69 per cent of the sources of vulnerabilities on endpoints were found to have originated with third-party programs.

In 2006, patching Microsoft applications and the operating system on the average endpoint would have eliminated 55 per cent of vulnerabilities. In 2010, it got rid of just 31 per cent.

Take Adobe, for example. The company has suffered from several serious vulnerability exploits over the years, one of which appeared in September. A zero-day in the Flash player makes it possible for attackers to take control of a machine and the firm admitted that it was being exploited in the wild.

Adobe’s PDF reader has also had critical vulnerabilities, and fleeing to alternatives such as Foxit’s PDF Reader doesn’t help. It, too, has suffered from vulnerability issues.

Fast work

In addition to patches that break systems in weird ways, time management can also be an issue. In many companies, the window available to take down systems for planned maintenance is shrinking, so patches must be rolled out faster.

However, Kamel Patel, a UK practice manager at giant IT services company Dimension Data, claims the last time he had to install a patch on a machine that needed a mandatory reboot was a while back. The move to the cloud, he argues, has made patch management easier.

“Some of the issues when you installed a patch and it overrode another file are reduced,” he says.

Not everyone buys the Utopian idea of patch-free IT departments. “So, why did Google and Adobe get nailed using IE 6?” asks Lewis.

Both companies were compromised during 2009 by zero-day attacks that exploited Internet Explorer 6 in an onslaught known as Operation Aurora. These companies were running a browser a couple of generations older than the one currently available.

“Why?” asks Emerson Tan, founder of PacketStorm, an online community that collects vulnerabilities and exploits. “Because nobody has bothered to fix their corporate intranets. Upgrading to something with most of the flaws fixed will simply break their internal apps.”

Enveloping cloud

Brian Bourne, founder of Sector, a security conference taking place in Toronto in October, is equally sceptical that cloud-based apps escape patch management issues.

“You have less control because you have to move forward when they say so,” he says.

Cloud-based application vendors update their software regularly without customer input. As an enterprise user, you may be able to stay on an earlier revision for a while by negotiating with the vendor, but that won’t last forever.

“You might have written something that interfaces with its application. Or there may be some feature it removed or altered that you were dependent on but which it figured no customers were using,” says Bourne.

Other challenges include the consumerisation of IT, which encourages employees and contractors to bring in devices such as tablets and smartphones.

Making sure these are adequately patched creates a whole new set of problems, landing us in the sticky area of network access control, network quarantine and policy servers to manage the whole tangled mess.

Smaller businesses have an easier time, according to Patel. “It’s pretty straightforward,” he says. “Just accept everything from Windows Update.”

For many small companies, this will be adequate. But every so often, a patch appears that takes down a piece of software. For example, Microsoft’s recent gaffe, in which it accidentally decided that Google Chrome was a piece of malware, caused problems for many users.

Ideally, customers will test everything before deploying a patch. But for many companies the cost of setting up a proper test bed and maintaining a configuration management database may be prohibitive, if not from a capital expenditure perspective, then simply because they don’t have the internal nous to get the job done.

Examination fatigue

Many companies are settling for a compromise, Patel suggests. Rather than testing a patch to death with a variety of different configurations, they give it a quick once-over.

“You might try it out on test machines and if after a week users aren’t experiencing problems, you release it to the whole estate,” he says.

Some companies may simply wait for two weeks to see if any adverse reactions to new patches turn up elsewhere, and if not, they deploy. It all depends on the level of risk that the company is comfortable with.

Ultimately, any patching strategy involves at least some human interaction, but the key lies in minimising fuss by adopting a mature approach to IT.

For example, any change management process can be made simpler by adopting just one or two images for corporate desktops, rather than juggling many desktop builds. Reporting software can also illustrate the effects of changes and help ensure that a deployment has succeeded, with minimal impact on the infrastructure.

Maintaining the reliability of your systems involves attention to detail and a refined approach to change management. Do you have what it takes? ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/22/patch_management/

Cops arrest cop in alleged corrupt cop-bung probe

A 52-year-old female police officer was the first cop to be arrested yesterday morning in connection with allegations of receiving illegal payments from journalists.

The unnamed suspect was questioned at an Essex police station before being bailed until a return date in April next year pending further inquiries, Scotland Yard said.

She was arrested “on suspicion of misconduct in a public office and offences contrary to the Prevention of Corruption Act 1906.”

It’s the eighth arrest under Operation Elveden – a police probe supervised by the Independent Police Complaints Commission that is linked to two other investigations.

Officers working on Operation Weeting are investigating alleged voicemail interception by people said to be working at – or on behalf of – the now-defunct News Corp-owned Sunday tabloid News of the World.

Sixteen arrests have so far been made in connection with Op Weeting.

A Metropolitan police team is also working on Operation Tuleta, an investigation into alleged breaches of privacy including computer hacking, for which one person has so far been arrested.

No charges have yet been brought against any of the suspects cuffed as part of the three Scotland Yard investigations that were opened following fresh allegations earlier this year in connection to the phone-hacking scandal that engulfed Rupert Murdoch’s media empire. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/22/operation_elveden_police_woman_cuffed/

Iran spy drone GPS hijack boasts: Rubbish, say experts

Doubts that Iran managed to bring down an advanced US drone over the country last month using an advanced GPS spoofing attack have been raised by experts, who say that attacks of this type would be extremely tough to pull off.

Iran announced on 4 December that it had captured an advanced American remotely piloted spy drone, thought to be an RQ-170 Sentinel, and proudly broadcast images of the captured kit on state TV. The images depicted a drone that was intact and showed little or no signs of damage.

The Islamic Republic initially claimed that its air forces shot the drone down after it encroached on the country’s airspace near the Afghan border. Iran later claimed it was taken down by a sophisticated cyber-attack. Days later an Iranian engineer said that this attack involved swamping the drone’s GPS receivers with a rogue signal that tricked it into landing on autopilot in Iran instead of a US Air Force base.

The unnamed Iranian boffin told Christian Science Monitor that Iran developed the attack after reverse-engineering previously captured or shot down US drones, and by taking advantage of inherent weaknesses in the GPS navigation system.

The US said the drone was lost on a mission in Western Afghanistan before conceding it was carrying out a covert spy operation over Iran. The US has asked for the return of the drone via Swiss authorities.

RQ-170 Sentinel drones, nicknamed the Beast of Kandahar, are advanced unmanned aerial vehicles (UAVs) with stealth capabilities, developed by Lockheed Martin and operated by the US Air Force, sometimes on behalf of the CIA. The stealth capabilities should have prevented the Iranians from spotting the UAV on radar. However they might have intensified GPS jamming around uranium enrichment sites to ward off drones, so it is plausible that the downed RQ-170 Sentinel came under a GPS nobbling attack. Publicly available material collated by specialist sites, such as The Aviationist, suggests US drones might be vulnerable to this sort of attack, among others.

However, such GPS spoofing attacks are really tough to pull off and analysts are wary of swallowing Iran’s spy drone hacking claims. The Iranian authorities would need to know the location of the drone within a matter of metres and hit it with a GPS signal stronger than the satellites’ transmissions. Neither of these signals are encrypted so the stronger signal would win out, but the hijacker must gradually introduce errors to guide the craft down towards the chosen landing point, all the time maintaining a signal lock, a non-trivial effort established by US academics during experimentation:

According to our experiments, the attacker must ensure that his time offset to the system time is less than 75ns. Any greater offset will cause the GPS receiver to lose lock when the spoofing signal is turned on. A value of 75ns roughly corresponds to a distance of 22.5m, meaning that the attacker must know his distance from the victim with an accuracy of 22.5m (or better) — a higher offset will cause the victim to lose lock due to the signal (chip phase) misalignment.

We confirmed that the initial location offset will cause a noticeable jump of the victim’s reported position during the attack. Large offsets could therefore be detected by the victim by monitoring its position. Any imperfections in the arrival time of the signal from different antennas will directly impact the position calculated by the victim. If the relative time offset gets above 80ns, the signals will even cause the receiver to lose lock. This means that, if an attacker has multiple antennas, he must precisely know the distance from each antenna to the attacker in order to be able to spoof a desired location. We could also observe a general localization error as predicted in our theoretical analysis, even for smaller mismatches in the arrival times.

The paper, On the Requirements for Successful GPS Spoofing Attacks [PDF], compiled by eggheads at ETH Zurich, in Switzerland, and UCI, in Irvine in the US, suggests various countermeasures. The covert satellite-lock takeover attack is straight out of the playbook of James Bond villains*. Iran may be trying to run such attacks, Russia might even be helping, but the probability of such a hijacking succeeding is very low.

Either Iran got very lucky or the drone was simply lost, possibly a result of a command-and-control failure, or jamming over a nuclear facility that disrupted communications with its base, before fail-safe mechanisms, er, failed. In this scenario, the drone unluckily landed in the desert somewhere (rather than mountains where it would have been destroyed or severely damaged).

You’d normally expect the drone to have sustained more damage, even in this scenario, but the possibility that it succumbed to a Blofeld-inspired GPS-spoofing attack looks even more far-fetched. Although the drone operates at high altitude it could have fallen into a flat spin that meant it went into the ground belly first and survived relatively unscathed. ®

*The spacecraft-hijacking opening scene of You Only Live Twice to be precise.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/21/spy_drone_hijack_gps_spoofing_implausible/

A simple HTML tag will crash 64-bit Windows 7

An unpatched critical flaw in 64-bit Windows 7 leaves computers vulnerable to a full ‘blue screen of death’ system crash.

The memory corruption bug in x64 Win 7 could also allow malicious kernel-level code to be injected into machines, security alert biz Secunia warns. Fortunately the 32-bit version of Windows 7 is immune to the flaw, which has been pinned down to the win32k.sys operating system file – which contains the kernel portion of the Windows user interface and related infrastructure.

Proof-of-concept code showing how to crash vulnerable Win 7 boxes has been leaked: the simple HTML script, when opened in Apple’s Safari web browser, quickly leads to the kernel triggering a page fault in an unmapped area of memory, which halts the machine at a blue screen of death.

The offending script is just an IFRAME tag with an overly large height attribute. Although Safari is required to spark the system crash via HTML, modern operating systems should not allow usermode applications to bring down the machine. Microsoft is now investigating the vulnerability, which was first reported by Twitter user WebDEVil, although the software giant is racing against hackers tracing the code execution path to discover the underlying vulnerability in Windows 7.

A video of the Safari-triggered crash along with the HTML PoC can be seen here. Other exploit scenarios might also be possible. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/21/win_7_bug_crash_risk/

Facebook’s ‘Darwinian’ nature keeps users safe

Facebook’s handling of its user data in Ireland is legitimate, the Irish data protection commissioner’s office said today.

The DPA released a 149-page audit report detailing the outcome of a privacy inspection carried out by the information commission in Ireland.

“The audit has found a positive approach and commitment on the part of Facebook Ireland Ltd to respecting the privacy rights of its users,” said Irish Data Protection Commissioner Billy Hawkes.

“Arising from the audit, Facebook-Ireland has agreed to a wide range of ‘best practice’ improvements to be implemented over the next 6 months, with a formal review of progress to take place in July of next year,” he added.

His deputy, Gary Davis, led the audit that was announced in September, following a number of privacy complaints brought against Facebook, whose international headquarters are in Dublin, Ireland, that were submitted to the Commission.

An Austria-based collective called Europe versus Facebook filed 22 complaints with the Irish data protection commissioner. Among other things, the group griped about Facebook’s “Like” button that – it was revealed by Oz blogger Nik Cubrilovic – had carried cookies that included unique information after people had logged out of the dominant social network.

At the time, Facebook said it had “quickly” fixed the issue, but insisted there was no privacy or security breach.

As The Register pointed out in September, Facebook farms all the data it stores back to its spiritual homeland in the US.

But while a privacy audit in Ireland might have appeared significant given that the Irish data protection commissioner’s office was the nearest responsible DPA outside of the firm’s US headquarters, the reality was that Facebook isn’t breaching European law.

Davis, who wants to see “improvements” from Facebook, acknowledged that in the audit document, seen by El Reg, and published later today. The Irish DPA described the dominant social network as having “an almost Darwinian nature”, which meant it should have “robust mechanisms” in place. But the commissioner’s office indicated today that it wants to see Facebook be at the forefront of data privacy online.

“Taking a leadership position that moves from compliance with the law to the achievement of best practice is for Facebook Ireland to decide but if it continues to display the commitment I witnessed throughout the audit process it is certainly achievable,” said Davis.

The report issued recommendations to Facebook and asked it to “commit” to implementing “best practice” across the company’s site:

  • a mechanism for users to convey an informed choice for how their information is used and shared on the site including in relation to Third Party Apps;
  • a broad update to the Data Use Policy/Privacy Policy to take account of recommendations as to where the information provided to users could be further improved;
  • transparency and control for users via the provision of all personal data held to them on request and as part of their everyday interaction with the site;
  • the deletion of information held on users and non-users via what are known as social plugins and more generally the deletion of data held from user interactions with the site much sooner than presently;
  • increased transparency and controls for the use of personal data for advertising purposes;
  • an additional form of notification for users in relation to facial recognition/“tag suggest” that is considered will ensure Facebook Ireland is meeting best practice in this area from an Irish law perspective;
  • an enhanced ability for users to control tagging and posting on other user profiles;
  • an enhanced ability for users to control their addition to Groups by friends; and
  • the Compliance management/Governance function in Dublin which will be further improved and enhanced to ensure that the introduction of new products or new uses of user data take full account of Irish data protection law.

Facebook is expected to implement those commitments over the next six months, said the Irish DPA. An agreed “formal review” will be undertaken by the commissioner’s office in July next year. However, there are various examples throughout the audit report of Facebook batting back recommendations from the watchdog.

On the contentious issue of photo-tagging, Facebook simply said it would “examine the broader implications” of the issue during the July 2012 review.

The social network added in the report: “Facebook firmly believes that it has struck the right balance in terms of product development and user control” when it comes to use of its facial recognition tech.

On the issue of individual users having their profile pictures and names displayed in third-party ads, Facebook said it would “enter into discussions” with the commission “in advance of any plans to introduce such functionality.”

The Irish data regulator had asked Facebook to consider gaining consent from its users before implementing such a feature. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/21/facebook_irish_data_protection_commissioner_implement_best_practice_improvements/

Anti-piracy laws will smash internet, US constitution

Legal experts are warning that the proposed PROTECT IP and the Stop Online Piracy Act (SOPA) legislation, currently working their way through Congress, will damage the world’s DNS system, cripple attempts to get better online security and violate free speech rights in the US constitution.

In an essay published in the Stanford Law Review professors Mark Lemley, David Levine and David Post warned that the overarching reach of the legislation would cause people to seek alternatives to the existing DNS system, manufacture massive technical problems in the implementation of DNSSEC and trample over rights of free expression by allowing the total suppression of published opinion based on allegations without proof, or even a hearing.

“These bills, and the enforcement philosophy that underlies them, represent a dramatic retreat from this country’s tradition of leadership in supporting the free exchange of information and ideas on the internet,” the trio warn.

Under the terms of the proposed PROTECT IP legislation a US federal prosecutor who finds a foreign website that is “dedicated to infringing activities” can force all US internet service providers, domain name registries, domain name registrars and operators of domain name servers to block either the offending page or the whole web domain from the DNS system* – effectively wiping the site off the internet map.

The professors warn that the SOPA legislation is even worse in this regard. “Under SOPA, IP rights holders can proceed vigilante-style against allegedly offending sites, without any court hearing or any judicial intervention or oversight whatsoever… and all of this occurs based upon a notice delivered by the rights holder, which no neutral third party has even looked at, let alone adjudicated on the merits,” they write.

The team also echoes concerns from Sandia Labs and others that the laws would break the implementation of DNSSEC. Companies using the secure protocol could find themselves liable for legal action, some experts have warned, and the laws would encourage the formation of new, unregulated DNS systems that would fracture the overall structure of the internet.

From a legal standpoint the proposed laws are almost certainly unconstitutional, the trio warns, since they can be used to deprive first amendment free speech rights without any access to a court hearing and with little or no evidence presented of a crime – indeed overseas website owners may not even be informed before a site is taken down.

Who is leading the fightback?

Some of the biggest names in the internet world have rallied to fight the current round of legislation, including some unlikely bedfellows. Vint Cerf and other leading luminaries have warned of the dangers, Google, Facebook and other online businesses are battling against it and Mozilla is mobilizing the open-source community. Even the Business Software Alliance has opposed it – and when the software industry’s anti-piracy goon squad doesn’t like copyright legislation you know it has to be seriously flawed.

News of the proposed changes has even reached China, where it is inspiring some bloggers to take the piss out of America for copying the Great Firewall of China. Weiping Li, a blogger with Global Voices Advocacy, told The Register that the similarities between the two countries were amusing some.

“Now they’re copying us to build up a wall. It’s like after climbing over the wall, we then bump into another one. It’s crazy!” said one web scribbler.

Even the legislators themselves are expressing concern at the lack of technical expertise they can access during House Judiciary Committee hearings on the bills and the speed with which they are being asked to act.

“When we had that last hearing, there wasn’t a single person who could answer the technical questions, and they all admitted that, even though a couple of them still opined,” complained California congressman Dan Lungren.

“But that is very unsatisfactory to me, and it ought to be very unsatisfactory to this committee, and it certainly ought to be very unsatisfactory to this institution. This is an extremely important issue. We better do it right, and I would just hope that we would take the time to do that.” ®

Bootnote

DNS, for the uninitiated, is the vital system that points browsers at websites when given a human-readable address, such as facebook.com or theregister.co.uk. Get removed from the DNS system and you can kiss goodbye to your traffic.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/20/us_ip_fail_internet_constitution/

Public bodies told: Swapping data feels good, but you must be careful

Sharing data on public services could have serious consequences unless the material has been valued, maintained and protected and the original reasons for its collection have been taken into account, the Information Society Alliance (Eurim) has warned.

In a report (PDF) on the quality of public sector information, the group says that the drive to put central and local government data online, open to public scrutiny, has revealed the long standing problems with quality that lie behind the reluctance of some departments and agencies to trust one another’s data. It adds that it is important that decisions on spending cuts are based on good quality information.

“Meanwhile demands from regulators and government agencies for the collection and retention of data that is not required for operational purposes, but might be needed in future, reduce UK competitiveness and add to public sector costs,” says the document.

“The scale and nature of current duplication, inconsistency, confusion and error, both random and systemic, derives from failure to apply the disciplines of information management. The consequences include personal tragedy, avoidable suffering, inefficiency, waste and policy decisions based on mythology, hunch and guesswork, rather than the well informed analysis of timely and reliable data.”

Despite its concerns, Eurim says that it welcomes the EU’s new Open Data Strategy, which aims to make public sector data more freely available.

To help improve the quality of public sector information, Eurim recommends that:

  • Government departments need to recognise that they are comparatively minor players in a mature, global market for personal and business information, including identity registration and customer identification services and analyses of transactions and patterns of behaviour.
  • The information they collect and maintain should be clearly relevant to the service delivered and aligned to the objectives of the organisation, using collection and validation processes that do not get in the way of efficient service delivery.
  • Information should be treated as an asset, to be valued, maintained and protected.
  • When information is re-used, the context in which it was originally collected needs to be understood, including its provenance, for example, who collected it?
  • The public sector needs to rebuild its skills to manage and use information, at all levels, including technical and professional, as a matter of urgency.
  • The demise of the Audit Commission and pressures for regulatory rationalisation, including information assurance and data protection, suggest the need for a single authoritative and independent guardian of public sector information and information management standards, under the aegis of the public administration select committee.

Dr Edwards Phelps, secretary general at Eurim, said: “While the government should be applauded for its aim of opening up data on public services to save money and stimulate economic growth, it is absolutely essential that government departments understand the risks associated with data sharing and the procedures that should be followed.”

This article was originally published at Guardian Government Computing.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/20/eurim_says_public_sector_needs_to_improve_quality_of_information/