BCC Secure?
So we believe that BCC secures the email addresses?
9 publicly visible posts • joined 18 Apr 2015
This is not the first time that a site linked to gov.uk has been found lacking. If their statement that ' .. conforms to industry standards' is defensible then those standards need an immediate review. I do not need to remind the group that there is a young man awaiting his fate for playing on the US Govt sites - and that was just for fun! It would not be so bad had the agency not had FREE access to some of the best security advice in the world and could simply have had the site tested for them by a third party.
This is not the first time that a gov.uk site has been found lacking. If their statement that ' .. conforms to industry standards' is defensible then those standards need an immediate review. I do not need to remind the group that there is a young man awaiting his fate for playing on the US govt sites - and that was just for fun!
It would not be so bad had the agency not had FREE access to some of the best security advice in the world and could simply have had the site tested for them by a third party.
One of my ex ACSLs used to say of me 'you are a 9 year old Cub that just allows a few other 9 year olds to join in your game'; I am now 71 - just led my last meeting as BSL:( going deaf and it was not fair on the others; BP was a 9 year old Cub and he lived to 84; something in this Cubbing. :-)
I agree that by far the most secure way was when we used to keep records locally and only completed the census with numbers and no details; then HQ started to ask for names etc. I refused for years citing lack of security but it was inevitable as soon as OSM (OnLine Scout (and Guide) Manager) started up that the little green eyes at HQ would see their opportunity. As to testing: I am sure that the contractors hated it but we leaders were involved though I am not sure that results/suggestions, even from pros were taken into account. The testing process was flawed as was, I guess, the design. In the final analysis 'they' tried to do too much too soon; a 'start simple' system (and KISS) would have been better - say a membership system and then add the badges and then, if that works, link the two? Big smile.