FOI Request Cyber Attacks Since 2013

Request 101001562452

I am asking the following for each year since 2013:

Please note:  We are using the following definitions in accordance to guidelines given by the National Cyber Security Centre (NCSC). https://www.ncsc.gov.uk/incident-management
• Cyber-attack:  a malicious attempt to damage, disrupt or gain unauthorised access to computer systems, networks or devices, via cyber means
• Cyber security incident : a breach of a system’s security policy in order to affect its integrity or availability or the unauthorised access or attempted access to a system

1.       Please provide details of how many cyber-attacks to computer systems, networks or devices have taken place.
2.       Please provide details of how many cyber security incidents caused internal systems or devices to be infected or for services    to be affected.
3.       How many times have you reported cyber security incidents to:
         a) Police
         b) NCSC
         c) Information Commisioner’s Office (ICO)
         d) Other, please provide detail
4.       How many cyber security incidents have caused the loss/breach of data?
5.       Please provide details of the cyber security awareness training provided to staff.
6.       Please detail the number of staff trained in cyber security awareness.
7.       Please detail what percentage of the annual budget has been allocated towards:
         a) securing IT-systems and networks against cyber-attacks
         b) training staff in cyber security awareness

Response 14-08-2017

Q1 - Q4 - This information is exempt under Section 25 of the Freedom of Information (Scotland) Act 2002- Information otherwise Available. This information is published on the Moray Council website at http://www.moray.gov.uk/moray_standard/page_113966.html

Q5 - Q7.  Moray Council does not have a specific 'Cyber Security Awareness' course or module which it provides to staff members however this subject is covered in part under other training including Data Protection training provided to staff.  Therefore this information is exempt under Section 17 of the Freedom of Information - Information not Held.