Protective security governance guidelines
Business impact levels
Approved November 2014
Amended April 2015
Version 2.1
Commonwealth of Australia 2013

All material presented in this publication is provided under a Creative Commons Attribution 3.0 Australia licence. For the avoidance of doubt, this means this licence only applies to material as set out in this document. The details of the relevant licence conditions are available on the Creative Commons website, as is the full legal code for the CC BY 3.0 AU licence.

Use of the Coat of Arms
The terms under which the Coat of Arms can be used are detailed on the It's an Honour website.

Contact us
Enquiries regarding the licence and any use of this document are welcome at:
Commercial and Administrative Law Branch
Attorney-General's Department
3-5 National Cct
BARTON ACT 2600
Call: copyright@ag.gov.au

Document details
Security classification: Unclassified
Dissemination limiting marking: Publicly available
Date of security classification review: Not applicable
Authority: Protective Security Policy Committee
Author: Attorney-General's Department
Document status: Version 2.0 approved 1 November 2014. Replaces Version 1.1 (approved 21 June 2011, amended October 2013). Amended April 2015.
Contents

1. Introduction
   Purpose
   Audience
   Scope
   Use of specific terms in these guidelines
Background
   Why the guidelines were developed
   Relationship to other documents
   How the guidelines are structured
Using business impact levels
   Impacts to confidentiality and security classifications
   Terminology
   Benefit to agency collaboration
   Relationship to security risk management
Annex A: Australian Government business impact levels guidance
Amendments

| No. | Date | Location | Amendment |
|---|---|---|---|
| 1. | April 2015 | Throughout | Update PSPF hyperlinks |
| 2. | | | |
| 3. | | | |
1. Introduction

1.1 Purpose

1. The Australian Government protective security governance guidelines – Business impact levels provide guidance to agencies so they can apply a consistent approach to assessing business impact from an Australian Government perspective. The guidelines give clear, understandable definitions of business impact and examples of the types of impacts to the Australian Government.

1.2 Audience

2. These guidelines are aimed at those within the Australian Government who are responsible for defining the business impact levels (BILs) for government assets, including information and ICT systems.

1.3 Scope

3. These guidelines relate to protective security within the Australian Government.

Use of specific terms in these guidelines

4. In these guidelines the terms:
- 'should' refers to better practice; agencies are expected to apply better practice unless there is a reason based on their risk assessment to apply alternative controls.
- 'National interest' refers to a matter which has or could have impact on Australia, including:
  - national security
  - international relations
  - law and governance, including:
    - inter-state/territory relations
    - law enforcement operations where compromise could hamper or prevent national crime prevention strategies or investigations, or endanger personal safety
  - economic wellbeing
  - heritage or culture.

5. For details on policy exceptions see the Australian Government information security management protocol.
2. Background

2.1 Why the guidelines were developed

6. Without a broadly consistent impact assessment tool, agencies will not be able to effectively share the implications of a particular information risk with their business partners. With such a tool it becomes possible to communicate in a manner that allows the collaborative management of information risks.

7. Furthermore, automating the processes for managing risk is not straightforward if the impact is not commonly understood.

8. Collaborating agencies need more clarity over the controls that apply in their relationships.

9. With the increased significance of collaboration it is becoming more important to be able to share the implications of a risk about the potential business impact. Agencies need to do so in a manner that is generally understood. There is no commonly agreed method available to communicate, with enough detail, the impact of information risk on agencies.

10. The Australian Government needs reasonably consistent and scalable BILs that would be associated with assets of different sensitivity, suitable asset controls, and trust levels.

2.2 Relationship to other documents

11. The Attorney-General's Department issues the guidelines in support of mandatory requirements and protocols named in the Protective Security Policy Framework (PSPF). All publicly available PSPF documents are listed in the PSPF Document Map.

2.3 How the guidelines are structured

12. These guidelines explain the purpose of BILs and describe their use. They include Annex A: Australian Government business impact levels guidance.
3. Using business impact levels

13. The table at Annex A: Australian Government business impact levels guidance provides a framework that allows agencies to assess the BILs for compromises to the confidentiality, integrity or availability of individual or aggregated information, ICT systems and assets.

14. The BILs scale ranges from 1 (Low/Medium) impact to 5 (Catastrophic) impact.

15. The business impacts of a loss of confidentiality, integrity and availability should be assessed separately for any given asset or aggregation of assets.

16. The highest impact from the compromise of confidentiality, integrity or availability should be the BIL assigned to a resource or aggregation of resources.

3.1 Impacts to confidentiality and security classifications

17. Where a security classification is applied to an asset there is an indicative correlation that should be considered when classifying or categorising. The security classifications of PROTECTED, CONFIDENTIAL, SECRET and TOP SECRET directly match to business impact levels 2, 3, 4, and 5 respectively for confidentiality of individual documents or files.

18. It is not the case that an aggregation of assets with a business impact level of 4 for confidentiality necessarily will be marked individually at SECRET. The Australian Government information security management guidelines – Management of aggregated information provides further guidance on managing data aggregation.

19. While the protective markings of PROTECTED, CONFIDENTIAL, SECRET and TOP SECRET relate to confidentiality, there is no equivalent set of protective markings for integrity or availability.

3.2 Terminology

20. Many BILs examples come with a descriptive adjective, for example 'minor' or 'major'. They are simply portraying a level of importance to the impact in a particular government business environment.

21. There are some relative terms used within the table and their use is not precisely defined; rather it is apt to the business function in question. For example, 'medium term' in one case may mean two to five days, but in another case may mean up to three years. Agencies should consider these terms in the context of the operation requirements.

3.3 Benefit to agency collaboration

22. BILs will vary greatly between agencies, based on their functions and size.
23. One important difference to understand with BILs is that they do not measure the size of the risk event; a given information risk would not necessarily have the same business impact on each party in a collaboration. The ability to clearly communicate the potential impact on both parties facilitates proper negotiation between them over the risk controls or mitigation measures that should be employed.

24. Similarly, the financial implications of an event will not always be the same for each agency. Losing $10,000 would have a very different effect on a small agency than it would on a large department. It is important to ensure the BIL used tells the true implications of a risk event for each agency.

3.4 Relationship to security risk management

25. The successful exploitation of a vulnerability by a threat vector will have an impact on an asset's availability, confidentiality or integrity.

26. These BILs provide agencies with a common understanding of the resulting consequences for the National interest, organisations and the individuals, to aid them in performing effective risk assessments and analysis.

27. Agencies should consider all threat sources and potential consequences on an asset before determining the overall business impact from the asset's compromise or loss. For example, the impact on national security from harm to an individual may be negligible while the impact on the individual may be extreme. Conversely, minor harm to a key officer involved in a critical operation may have a high impact.
Annex A: Australian Government business impact levels guidance

The examples given below are indicative to assist agencies in developing their own business impact level guides.

Business impact levels
- 1 (Low-medium): Could be expected to cause limited damage to the National interest, organisations or individuals by:
- 2 (High): Could be expected to cause damage to the National interest, organisations or individuals by:
- 3 (Very High): Could be expected to cause significant damage to the National interest, organisations or individuals by:
- 4 (Extreme): Could be expected to cause serious damage to the National interest, organisations or individuals by:
- 5 (Catastrophic): Could be expected to cause exceptionally grave damage to the National interest, by:

Impacts on National Security
- 1: causing limited damage to national security
- 2: causing minor damage to national security
- 3: causing damage to national security
- 4: causing serious damage to national security
- 5: causing exceptionally grave damage to national security

Examples for the remaining impact categories (each list runs from lower to higher impact level):

Impacts on Agency Operations

Operational capacity
- causing a significant degradation in organisational capability to an extent and duration that, while the agency can perform its primary functions, the effectiveness of the functions is noticeably reduced
- causing a severe degradation in, or loss of, organisational capability to an extent and duration that the agency cannot perform one or more of its primary functions
- causing a severe degradation in, or loss of, organisational capability to an extent and duration that the agency cannot perform one or more of its functions for an extended time
- causing a severe degradation in, or loss of, organisational capability to an extent and duration that the agency cannot perform any of its functions

Agency Assets
- resulting in damage to agency assets
- resulting in major harm to agency assets
- resulting in major long term harm to agency assets

Agency Finances
- resulting in moderate financial loss to an agency
- resulting in substantial financial loss to an agency

Australian Financial and Economic Impacts

- undermining the financial viability of one or more individuals, minor Australia-based or Australian-owned organisations or companies, or disadvantaging a major Australian organisation or company
- undermining the financial viability of, or causing substantial financial damage to, a major Australia-based or Australian-owned organisation or company, or disadvantaging a number of major Australian organisations or companies
- undermining the financial viability of, or causing substantial financial damage to, a number of major Australia-based or Australian-owned organisations or companies
- undermining the financial viability of a number of major Australia-based or Australian-owned organisations or companies in the same sector

- resulting in loss to Australian Government / public sector of $10 to $100 million
- resulting in short-term material damage to national finances or economic interests to an estimated total of $100 million to $10 billion
- causing long-term damage to the Australian economy to an estimated total of $10 to $20 billion
- causing major, long-term damage to the Australian economy to an estimated total in excess of $20 billion

- causing limited damage to international trade or commerce, with the potential to reduce economic growth in Australia
- causing material damage to international trade or commerce, with the potential to directly and noticeably reduce economic growth in Australia
- causing major, short-term damage to global trade or commerce, leading to short term recession or hyperinflation in Australia
- causing major, long-term damage to global trade or commerce, leading to prolonged recession or hyperinflation in Australia

Impacts on Government Policies

- impedes the development of government policies
- seriously impedes the development or operation of major government policies

- resulting in minor loss of confidence in government
- resulting in a major loss of confidence in government

- disadvantaging Australia in international negotiations or strategy
- significantly disadvantaging Australia in international negotiations or strategy
- severely disadvantaging Australia in major international negotiations or strategy

- temporarily damaging the internal stability of Australia or friendly countries
- threatening directly the internal stability of Australia or friendly countries leading to widespread instability
- resulting in the collapse of internal political stability of Australia or friendly countries

- causing embarrassment to diplomatic relations
- causing short term damage or disruption to diplomatic relations
- causing significant damage or disruption to diplomatic relations including resulting in formal protest or retaliatory action
- raising international tension, or causing severe damage or disruption, to diplomatic relations
- directly provoking international conflict or causing exceptionally grave damage to relations with friendly governments

Impacts on Personal Safety
- limited harm to individuals could cause harm to individuals including injuries that are not serious or life threatening
- endangering individuals - the compromise of information could lead to serious harm or potentially life threatening injury to an individual
- endangering small groups of individuals - the compromise of information could lead to serious harm or potentially life threatening injuries to a small group of individuals
- threatening life directly - the compromise of information could reasonably be expected to lead to loss of life of an individual or small group
- leading directly to widespread loss of life - the compromise of information could reasonably be expected to lead to the death of a large number of people

Impacts on Crime Prevention
- hindering the detection, impeding the investigation, or facilitating the commission of low-level crime or hindering the detection of a serious offence, i.e. an offence resulting in 2 or more years imprisonment
- impeding the investigation of, or facilitating the commission of a serious offence, i.e. an offence resulting in 2 or more years imprisonment
- causing major, long-term impairment to the ability to investigate serious offences, i.e. offences resulting in 2 or more years imprisonment
- causing major, long-term impairment to the ability to investigate serious organised crime undertaken by an organised crime group as defined in the Convention Against Transnational Organised Crime

Impacts on Defence Operations
- causing limited damage to the non-operational effectiveness or security of Australian or allied forces without causing risk to life
- causing damage to the non-operational effectiveness or security of Australian or allied forces causing re-supply problems that could result in risk to life
- causing damage to the operational effectiveness or security of Australian or allied forces that could result in risk to life
- resulting in severe damage to the operational effectiveness or security of Australian or allied forces
- causing exceptionally grave damage to the operational effectiveness or security of Australian or allied forces

Impacts on Intelligence Operations
- causing damage to Australian or allied intelligence capability
- causing severe damage to Australian or allied intelligence capability
- causing exceptionally grave damage to the effectiveness of extremely valuable security or intelligence operations

Impacts on National Infrastructure
- damaging or disrupting significant State or Territory infrastructure
- damaging or disrupting significant national infrastructure
- shutting down or substantially disrupting significant national infrastructure
More informationAustralian Government Cloud Computing Policy
Australian Government Cloud Computing Policy Maximising the Value of Cloud VERSION 2.0 MAY 2013 AGIMO is part of the Department of Finance and Deregulation Contents Foreword 3 Introduction 4 Australian
More informationOverview TECHIS60241. Carry out risk assessment and management activities
Overview Information in all its forms is a vital component of the digital environment in which we live and work. The protection of information in its physical form is well understood but the protection
More informationAUSTRALIAN SECURITY INTELLIGENCE ORGANISATION
AUSTRALIAN SECURITY INTELLIGENCE ORGANISATION Section 1: Agency overview and resources 1.1 STRATEGIC DIRECTION STATEMENT The mission of the Australian Security Intelligence Organisation (ASIO) is to identify
More informationEffective consultation The ACMA s guide to making a submission NOVEMBER 2015
Effective consultation The ACMA s guide to making a submission NOVEMBER 2015 Canberra Red Building Benjamin Offices Chan Street Belconnen ACT PO Box 78 Belconnen ACT 2616 T +61 2 6219 5555 F +61 2 6219
More informationRisk Management Policy and Framework
Risk Management Policy and Framework December 2014 phone 1300 360 605 08 89589500 email info@centraldesert.nt.gov.au location 1Bagot Street Alice Springs NT 0870 post PO Box 2257 Alice Springs NT 0871
More informationNo. 33 February 19, 2013. The President
Vol. 78 Tuesday, No. 33 February 19, 2013 Part III The President Executive Order 13636 Improving Critical Infrastructure Cybersecurity VerDate Mar2010 17:57 Feb 15, 2013 Jkt 229001 PO 00000 Frm 00001
More informationADRI. Statement on the Application of Digital Rights Management Technology to Public Records. ADRI-2008-001-v1.0
ADRI Statement on the Application of Digital Rights Management Technology to Public Records ADRI-2008-001-v1.0 Version 1.0 6 August 2008 Statement on the Application of Digital Rights Management Technology
More informationCriteria for adopting International Standards and Risk Assessments
Criteria for adopting International Standards and Risk Assessments February 2016 Criteria for Accepting International Standards and Risk Assessments 1 Table of Contents 1 About the Department... 3 2 The
More information005ASubmission to the Serious Data Breach Notification Consultation
005ASubmission to the Serious Data Breach Notification Consultation (Consultation closes 4 March 2016 please send electronic submissions to privacy.consultation@ag.gov.au) Your details Name/organisation
More informationRecords Authority. Australian Security Intelligence Organisation
Records Authority Australian Security Intelligence Organisation This is an accurate reproduction of the authorised records authority content, created for accessibility purposes CONTENTS INTRODUCTION 3
More informationThis chapter notes, where appropriate, further legislative reforms by the Commonwealth and each State or Territory jurisdiction.
FURTHER REFORMS Since 2002, jurisdictions across Australia have taken account of their individual circumstances and made alterations to their legislative regimes additional to the comprehensive programme
More informationClinical Trials - Insurance and Indemnity
Policy Directive Clinical Trials - Insurance and Indemnity Document Number PD2011_006 Publication date 25-Jan-2011 Functional Sub group Corporate Administration - Governance Clinical/ Patient Services
More informationNATIONAL INSURANCE BROKERS ASSOCIATION OF AUSTRALIA (NIBA) Submission to WorkCover Western Australia. Legislative Review 2013
NATIONAL INSURANCE BROKERS ASSOCIATION OF AUSTRALIA (NIBA) ABOUT NIBA Submission to WorkCover Western Australia Legislative Review 2013 February 2014 NIBA is the peak body of the insurance broking profession
More informationSECOND READING SPEECH
SECOND READING SPEECH Ambulance Service Amendment Bill 2013 Mr Speaker The purpose of this Bill is to amend the Ambulance Service Act 1982 to better reflect contemporary ambulance practice and to provide
More informationPROTECTION OF INFORMATION BILL
REPUBLIC OF SOUTH AFRICA PROTECTION OF INFORMATION BILL (As introduced in the National Assembly (proposed section 7); explanatory summary of Bill published in Government Gazette No. 32999 of March ) (The
More informationFOREIGN AFFAIRS AND TRADE Australia - Cyber: Reports of Chinese cyber attacks
F-43 FOREIGN AFFAIRS AND TRADE Australia - Cyber: Reports of Chinese cyber attacks Possible Ouestion Why has the Government not confronted China about cyber attacks including on DFAT, such as those aired
More informationAISA NATIONAL CONFERENCE 2015 TRUST IN INFORMATION SECURITY. 14 October 2015 OPENING ADDRESS LYNWEN CONNICK
1 AISA NATIONAL CONFERENCE 2015 TRUST IN INFORMATION SECURITY 14 October 2015 OPENING ADDRESS LYNWEN CONNICK Thanks Arno, and good morning everyone. Welcome to Australian Information Security Association
More informationGAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement
GAO For Release on Delivery Expected at time 1:00 p.m. EDT Thursday, April 19, 2007 United States Government Accountability Office Testimony Before the Subcommittee on Emerging Threats, Cybersecurity,
More informationIslington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014
Islington ICT Physical Security of Information Policy A council-wide information technology policy Version 0.7 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document
More informationAct CLXV of 2013. on Complaints and Public Interest Disclosures. 1. Complaint and public interest disclosure
Act CLXV of 2013 on Complaints and Public Interest Disclosures The National Assembly, committed to increasing public confidence in the functioning of public bodies, recognising the importance of complaints
More informationIDENTITY SECURITY NATIONAL IDENTITY SECURITY STRATEGY. Identity crime and misuse in Australia
NATIONAL IDENTITY SECURITY STRATEGY Identity crime and misuse in Australia Key findings from the National Identity Crime and Misuse Measurement Framework Pilot IDENTITY SECURITY ISBN: 978-1-925118-34-6
More informationMandatory Reporting of Child Sexual Abuse in Western Australia
Government of Western Australia Department for Child Protection Mandatory Reporting of Child Sexual Abuse in Western Australia A guide for mandatory reporters Mandatory reporting of child sexual abuse
More informationFact Sheet. Parental Alienation Syndrome vs the Alienated Child
Fact Sheet Parental Alienation Syndrome vs the Alienated Child Copyright Commonwealth of Australia 2010 This resource is protected by copyright. Apart from any use as permitted under the Copyright Act
More informationCOURSE INFORMATION BSB61015 Advanced Diploma of Leadership and Management
COURSE INFORMATION BSB61015 Advanced Diploma of Leadership and Management What is the Australian Qualifications Framework? The Australian Qualifications Framework (AQF) establishes the quality of Australian
More informationCompliance Guide: ASD ISM OVERVIEW
Compliance Guide: ASD ISM OVERVIEW Australian Information Security Manual Mapping to the Principles using Huntsman INTRODUCTION In June 2010, The Australian Government Protective Security Policy Framework
More informationGatekeeper Public Key Infrastructure Framework. Compliance Audit Program
Gatekeeper Public Key Infrastructure Framework Compliance Audit Program V 2.1 December 2015 Digital Transformation Office Commonwealth of Australia 2015 This work is copyright. Apart from any use as permitted
More informationMobile application security How security and privacy issues can derail mobile applications. Whitepaper
Mobile application security How security and privacy issues can derail mobile applications Whitepaper 2 Introduction Today, many organisations are rushing to develop mobile applications, to remain competitive
More informationCYBER CRIME & SECURITY SURVEY REPORT 2012_
CYBER CRIME & SECURITY SURVEY REPORT 2012_ Acknowledgements CERT Australia and the CIS would like to acknowledge the following contributors to the production of this report: CERT Australia s partner organisations
More informationCYBER CRIME & SECURITY SURVEY REPORT 2012_
CYBER CRIME & SECURITY SURVEY REPORT 2012_ ACKNOWLEDGEMENTS CERT Australia and the CIS would like to acknowledge the following contributors to the production of this report: CERT Australia s partner organisations
More informationPerforming Effective Risk Assessments Dos and Don ts
Performing Effective Risk Assessments Dos and Don ts % Gary Braglia Security Specialist GreyCastle Security TCTC March 18, 2013 Introduction Who am I? Why Risk Management? Because you have to Because
More informationCrime Statistics Data Security Standards. Office of the Commissioner for Privacy and Data Protection
Crime Statistics Data Security Standards Office of the Commissioner for Privacy and Data Protection 2015 Document details Security Classification Dissemination Limiting Marker Dissemination Instructions
More informationPROTECTION OF INFORMATION BILL
REPUBLIC OF SOUTH AFRICA PROTECTION OF INFORMATION BILL (As introduced in the National Assembly (proposed section 7); explanatory summary of Bill published in Government Gazette No. 88 of 18 March 08)
More information"A prospectus for the Electronic Delivery of Government Services" - A response from the Centre for Computing and Social Responsibility
"A prospectus for the Electronic Delivery of Government Services" - A response from the Centre for Computing and Social Responsibility Prof. Simon Rogerson Director srog@dmu.ac.uk ( The British Cabinet
More informationASEAN Regional Forum Cyber Incident Response Workshop Republic of Singapore 6-7 September 2012. Co-Chair s Summary Report
ASEAN Regional Forum Cyber Incident Response Workshop Republic of Singapore 6-7 September 2012 Co-Chair s Summary Report 1. Pursuant to the 18 th ASEAN Regional Forum (ARF) Ministerial meeting in Bali,
More informationStage 2: Making a referral
Stage 2: Making a referral This Stage covers: How to make a referral and where to send it Screening referrals Trafford s 5 Harms 16.5 What is a referral? A referral is the direct reporting of an allegation,
More information