Date lodged: 6 August 2018
To ask the Scottish Government what plans it has to employ a full-time IT security analyst at (a) the Scottish Public Pensions Agency, (b) the Scottish Prison Service and (c) Social Security Scotland, and when the person will be in post.
Answered by: Kate Forbes 22 August 2018
The Scottish Public Pensions Agency (SPPA) does not employ a full-time Cybersecurity Analyst.
SPPA employed a Cyber Security Specialist to undertake a review of all SPPA IT functions and this work concluded in July 2017.
SPPA has assigned a responsible officer and part of their role is to oversee the day to day cyber functions and tasks within the SPPA IT Team.
Scottish Prison Service (SPS) do not employ a Cybersecurity Analyst.
SPS has employed an IT Infrastructure Manager and this role is responsible for overseeing day to day cyber security issues for operational systems, setting direction and requirement for IT staff and developing cyber policies for the organisation. This role is a permanent SPS position with no resource movement over the period being considered, and reports to the Information Governance Forum (IGF), Head of ISS and the SPS Senior Information Risk Owner as required or requested.
Social Security Scotland is embedding security and cyber protection into the fabric of its architecture and design to gain the confidence of citizens and their trust in the Agency to deliver the devolved benefits with payments made on time, every time.
The Agency is adopting a secure by design ethos with an emphasis on building security into solutions from the start. Currently, the Agency utilises the Scottish Government’s SCOTS Connect shared IT service which includes monitoring and assessing cyber-attacks on a continuous basis by the SG’s in-house team.
The Scottish Government’s in-house Cyber Security and Defence Team currently consists of 17 members of staff with recruitment for two more under way. Seven of these members of staff are classed as ‘IT Security Analysts’.
‘IT Security Analysts’ only make up a small part of the SG’s overall Cyber Security function.
In parallel to this, Social Security Scotland is developing its own dedicated in-house cyber security team, and recruitment of that team began in 2017 and will continue in a phased approach as the new benefits are introduced.