1. How many staff do you currently have? 11,000
2. How many IT network accounts do you have for logging on to the network currently? 14,000
3. How many Full Time Equivalent (FTE) staff (including vacancies) do you have that are responsible for Information Governance (IG)? 2.2
4. How many FTE staff (including vacancies) do you have that are responsible for information/IT security? 1.7
5. Please state the make/model version number (as applicable) for the following IT security controls on your IT network;
a. Desktop firewall Not applicable
b. Anti-Malware Sophos Endpoint Security
c. Device Control (e.g. endpoint protection to prevent exfiltration of data) Sophos Endpoint Security
d. Network Vulnerability N/A
e. Web Proxy Sophos Management Appliance
f. Network Access Control Active Directory
g. Intruder Prevention System (IPS) Cisco ASA
h. Intruder Detection system (IDS) Cisco ASA
i. Firewall activity logging/monitoring Cisco ASA
j. Active Directory activity logging/monitoring Not applicable
k. Security Incident and Event Management (SIEM) Not applicable
6. Date (month/year) of last penetration test carried out on any part of your organisation’s IT infrastructure. July 2015
Please note that version numbers have not been released, in the interests of network security.