Question to the Ministry of Defence:
To ask the Secretary of State for Defence, what steps he has taken to improve information security training within his Department.
All Ministry of Defence (MOD) personnel are required to undertake initial and refresher information security training to ensure they can recognise threats to security and can respond appropriately. This consists of the Defence Information Management Passport online course, which must be retaken every three years, and annual attendance at a General Security Threat Brief (this covers all elements of protective security and includes information and cyber security).
Additionally, a core part of our defensive Cyber Strategy and Plan includes a major all-staff Cyber Awareness, Behaviours, Skills and Culture Programme designed to ensure that all MOD personnel are able to understand what they need to do to work effectively and in a secure way in the modern context, both at home and at work. This is achieved through directed interventions targeting specific risky behaviours, supported by novel and engaging awareness campaigns under the 'Cyber Confident' header, which are designed to increase motivation to act.