Louise O'Reilly (Dublin Fingal, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

335. To ask the Minister for Employment Affairs and Social Protection how many staff members in her Department have received training in cyber security in the past three years; what types of cyber security training programmes have been conducted; if she will provide details of these programmes; and of the staff trained in cyber security, how many have obtained accredited cyber security qualifications. [50805/23]

Louise O'Reilly (Dublin Fingal, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

336. To ask the Minister for Employment Affairs and Social Protection the expenditure on cyber security consultants and companies within her Department in the past three years; if her Department engaged in cyber security audits with outside firms in the past three years; if so, the expenditure on same; the amount her Department spent on cyber security consultants and companies in the past three years; and for a breakdown of these expenditures by year and type of service provided. [50823/23]

Louise O'Reilly (Dublin Fingal, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

337. To ask the Minister for Employment Affairs and Social Protection if there are any ongoing contracts or commitments with cyber security firms; and if details can be provided [50841/23]

Louise O'Reilly (Dublin Fingal, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

338. To ask the Minister for Employment Affairs and Social Protection if her Department has a policy and plan in place to address a ransomware attack and restore her Department's IT systems. [50859/23]

Heather Humphreys (Cavan-Monaghan, Fine Gael)
Link to this: Individually | In context | Oireachtas source

I propose to take Questions Nos. 335, 336, 337 and 338 together.

My Department has a dedicated cyber security function to manage the security of the Department’s network and information assets. My Department takes a risk-based approach to cyber security, is regularly audited, and has achieved the ISO 27001:2013 International Standard for Information Security. This standards-based approach enables teams to proactively identify areas where security can be improved, and these security improvements are funded from my Department’s overall ICT budget.

In common with other Government Departments, my Department has in place comprehensive arrangements to support ICT security and receives regular advice on these matters from the relevant authorities including the Office of the Government Chief Information Officer and the National Cyber Security Centre. The Deputy will understand that it is not the practice, for sound operational and security reasons, to disclose the detail of these arrangements.

Furthermore, Staff working in the Department of Social Protection are provided with regular cyber security awareness communications and all staff are supported in completing the Introduction to Cyber Security Awareness training module run through the Department of Public Expenditure, NDP Delivery and Reform's OneLearning programme.