Cofnod Datgeliadau

Defnyddiwch y rhan hon o'r wefan i weld Bas Data cofnod datgeliadau'r Awdurdod.

Cwestiwn

Under the Freedom of Information Act, I would like to ask for information on Merthyr Tydfil Council’s data security spending & training on behalf of Redscan. Please could you share the following information in the format of an CSV, XLS, XLXF file - or any other format that may be opened via Excel or Google Spreadsheets (preferably not a pdf). If you wish to add more context or information, please do so in a separate document or in the body of an email. N.B we intend on anonymising the results of this FOI when publishing it on the Redscan site. We do not wish to highlight which councils are performing better/worse than others (which would be irresponsible), we simply want to understand the risks posed to councils and how they approach training/qualifications. Council name Region - please select from the following: South East, London, North West, East of England, West Midlands, South West, Yorkshire and the Humber, East Midlands, North East, Wales, Scotland, Northern Ireland The total number of full-time and part-time employees employed by your organisation (as of 1st January 2021 or latest figures available) The total number of full-time and part-time employees employed by your organisation with professional data security / cybersecurity qualifications (as of 1st January 2021 or latest figures available) - Common qualifications may include any cyber or IT security related qualifications such as CISSP, SSCP, CSA, CEH, CISA, CISM, Security+ The total number of full-time and part-time employees employed by your organisation who have completed cyber security training between 1stJanuary 2020 and 31stDecember 2020 (or latest annual figures available) How much money (in pounds sterling) has been spent on cyber security training between 1stJanuary 2020 and 31stDecember 2020 (or latest annual figures available) this may include GDPR-related training How many data breaches did your organisation report to the ICO between 1st January 2019 and 1st January 2020 How many data breaches did your organisation report to the ICO between 1st January 2020 and 1st January 2021 Was your organisation victim to a successful ransomware attack between 1st January 2020 and 31st December 2020? As for the definition of a “successful ransomware attack”, please include any incident in which an attacker requesting a ransom/payment managed to successfully encrypt, steal or leak any data/systems/assets that your organisation processes/holds. If you answered yes to the previous question, did your organisation agree to pay a ransom? Yes/No Did your organisation suffer a cyber security incident between 1st January 2020 and 31st December 2020 which resulted in disruption to the council’s services? This refers to any cyber incident that forced usual services to go offline or become unavailable. Yes/No I appreciate the time that it takes to complete these requests so, if it is not possible to provide the information requested due to the information exceeding the cost of compliance limits identified in Section 12, please provide advice and assistance, under the Section 16 obligations of the Act, as to how I can refine my request (for instance, only receiving responses to some of the sections). If it is not possible to provide a breakdown of data in this detail, then please provide separately, statistics on data security / cybersecurity training and qualifications as you record them.

Ateb

Council name Region - please select from the following: South East, London, North West, East of England, West Midlands, South West, Yorkshire and the Humber, East Midlands, North East, Wales, Scotland, Northern Ireland The total number of full-time and part-time employees employed by your organisation (as of 1st January 2021 or latest figures available) The total number of full-time and part-time employees employed by your organisation with professional data security / cybersecurity qualifications (as of 1st January 2021 or latest figures available) - Common qualifications may include any cyber or IT security related qualifications such as CISSP, SSCP, CSA, CEH, CISA, CISM, Security+ The total number of full-time and part-time employees employed by your organisation who have completed cyber security training between 1stJanuary 2020 and 31stDecember 2020 (or latest annual figures available) How much money (in pounds sterling) has been spent on cyber security training between 1stJanuary 2020 and 31stDecember 2020 (or latest annual figures available) this may include GDPR-related training How many data breaches did your organisation report to the ICO between 1st January 2019 and 1st January 2020 How many data breaches did your organisation report to the ICO between 1st January 2020 and 1st January 2021 Was your organisation victim to a successful ransomware attack between 1st January 2020 and 31st December 2020? As for the definition of a “successful ransomware attack”, please include any incident in which an attacker requesting a ransom/payment managed to successfully encrypt, steal or leak any data/systems/assets that your organisation processes/holds. If you answered yes to the previous question, did your organisation agree to pay a ransom? Yes/No Did your organisation suffer a cyber security incident between 1st January 2020 and 31st December 2020 which resulted in disruption to the council’s services? This refers to any cyber incident that forced usual services to go offline or become unavailable. Yes/No Merthyr Tydfil County Borough Council Wales ***Payroll will need to confirm this*** 1 1 £0 9 2 The Council will neither confirm nor deny details about number and types of cyber-attacks held under Section 31(3) of the Freedom of Information Act 2000. The Council will neither confirm nor deny details about number and types of cyber-attacks held under Section 31(3) of the Freedom of Information Act 2000.