Just when we thought the work of public sector IA had stabilised after the PSN Zero Tolerence Regime, we now find a move from a rules based to a more principles based approach to Cyber Project risk man agent.
We have worked with rules for many years, likewise with principles, especially around Data Protection.
Likewise the financial services and legal professions have both been subject to principles based regulated regimes for many years. The change in IA will be interesting as there isn't a regulator to cover information assurance.
this change and the move to the OFFICIAL classification and handling regime almost a year ago has brought about consider able change. These changes will continue with the added dimension of agile development becoming increasingly popular.
Now we need to look at agile information assurance and agile development at OFFICIAL. New principles based guidance will need to be produced and a further update to the Local Public Services Data Handling Guidance, hitting version four, this Summer.