Information Security Policy
|
|
- Oliver Lee
- 8 years ago
- Views:
Transcription
1 Office of the Prime Minister document CIMU P 0016:2003 Version: 2.0 Effective date: 01 Oct 2003 Information 1. statement i) General The Public Service of the Government of Malta (Public Service) shall protect its information assets, employees, and the physical and working environment from a wide range of threats in order to ensure business continuity, minimise business damage and optimise return on investment and business opportunities. The Public Service shall comply with laws, contracts and with this. The Public Service shall put in place appropriate security measures to: protect all information assets from accidental or unauthorised use, theft, modification, destruction and shall prevent the unauthorised disclosure of restricted information; protect the physical and working environment from malicious attacks, power failures and other electrical anomalies, water supply failure etc; reduce the risk of human error, theft, fraud or misuse of facilities including social engineering attacks on Public Service employees; carry out regular reviews to ensure compliance with laws, contractual obligations, this, and.
2 ii) Information Framework Measurement and benchmarking activities related to information security in the Public Service, and to the physical and working environment of its employees shall be based on the Information Framework (ISF) with a focus on the following domains: Information organisation Asset classification and control Personnel security Physical and environment security Communication and operations management Access control Systems development and maintenance Business continuity management Compliance. An ISF diagram showing these domains is presented in Appendix A of this. iii) Implementation The target population of this is all Public Officers, employees of CIMU and Agents, Third parties, and outsourcing organisations. Employees of Third Parties and outsourcing organisations are involved when there is information processing, and / or in the case of Third Party physical access (to offices, computer rooms, etc.) or logical access (to databases, networks, etc.) to information assets. The implementation strategy needs to be based on three fundamental directions: a) Information security (Umbrella ) The aim of this is to establish security measurement and benchmarking based on the ISF and related to Public Service information assets, employment, and the physical and working environment. b) Corporate (Horizontal) implementation The aim of this implementation phase is to introduce a minimum level of Information security across the whole Public Service, and its Agents. This implementation shall be based on this, the Information Organisation (CIMU P 0017:2003), the Information Compliance (CIMU P 0018:2003), the Minimum Directive (CIMU D 0016:2003), the Information Organisation Directive (CIMU D 0017:2003) and the Information Compliance Directive (CIMU D 0018:2003). The high-level Corporate Information implementation plan will be issued by the CIMU. c) Specific (Vertical) implementation The aim of this implementation phase is to bring Public Service entities and the Agent to a high level of information security. This implementation shall follow the Page 2
3 Public Service Information Framework Implementation Scenario. (Refer to Appendix B). The high-level Specific Information implementation plan will be issued by CIMU. iv) violations The CIMU will take appropriate measures in cases of violation of this and of the related Framework documents. Heads of Public Service Departments and Agents shall, in cases of violation of this within their respective area, take appropriate and timely measures, and liaise with the Agent to control information security. 2. Purpose The objective of this is to set up a high-level Public Service-wide Information Framework based on an International standard and local experience. This includes introducing security measures to protect Public Service information assets, employees, and the physical and working environment from a wide range of threats in order to ensure business continuity, minimise business damage and optimise return of investment and business opportunities. This will be an umbrella policy for all policies related to the Public Service Information Framework. 3. Who should know this Persons having the following positions, as a minimum, should know this. Additional positions shall be introduced in the Information Organisation. They shall communicate appropriately with persons in other positions regarding the contents and furtherance of this : Head of Coordinating Committee CIMU Communications Executive Permanent Secretaries All Public Officers Information Management Officers Chief Information Management Officer All Account holders Heads of Department Director of the Internal Audit and Investigations Directorate Auditor General Head of Agent Head of Outsourcing Organisation Head of Third Party Organisation Page 3
4 4. Scope of applicability The scope of applicability of this is to set up an Information Framework within the Public Service as a baseline for further development of Policies, and with the provision that this Framework may be extended to the Public Sector of the Government of Malta (Public Sector). 5. Definitions Access control controlled access to information. For more details, refer to the standard MSA ISO/IEC 17799:2001. Asset classification and control to evaluate, grade and control types of information assets according to information security criteria. For more details, refer to the standard MSA ISO/IEC 17799:2001. Agent A trusted organisation that acts on behalf of Government entities providing services (i.e. Information and Communication Services). Business continuity management counteracting interruptions to business activities and protecting critical business processes from the effects of major failures or disasters. For more details, refer to the standard MSA ISO/IEC 17799:2001. Communications and Operations ensuring the correct and secure operation of information processing facilities. For more details, refer to the standard MSA ISO/IEC 17799:2001. Compliance avoiding breaches to any criminal and civil law, statutory, regulatory or contractual obligation and any security requirement. For more details, refer to the standard MSA ISO/IEC 17799:2001. Information Assets all systems and services that gather, generate and store data, supported by an ICT infrastructure and related technology. In addition, information written or printed on paper, shown on film or recorded in conversation are also information assets. Information security the preservation of confidentiality, integrity and availability of information. Note: Confidentiality ensuring that information is accessible only to those authorised to have access. Integrity safeguarding the accuracy and completeness of information and processing methods. Availability ensuring that authorised users have access to information and associated assets when required. Logical access access to ICT resources, applications, systems or data mediated through software and / or ICT equipment. Page 4
5 Outsourcing the act of hiring an outside source for acquiring services and an alternative delivery mechanism or resourcing alternative. Personnel security reduction of risk of human error, theft, fraud or misuse of facilities. For more details, refer to the standard MSA ISO/IEC 17799:2001. Physical access concrete and material admission, admittance, entrance, entry to sites, buildings, offices and Data Centres. Physical and Environment security prevention of unauthorised access, damage and interference to business premises and information. For more details, refer to the standard MSA ISO/IEC 17799:2001. measurement administrative and technical / technological methods to quantify business continuity and minimise business damage. organisation initiation and control of the implementation of information security within the Public Service. Also, refers to the establishment of mechanisms for information dissemination. For more details, refer to the standard MSA ISO/IEC 17799:2001. Social engineering can be broken into two types: human based and computer based. Human-based social engineering refers to person-to person interaction to retrieve the desired information. Computer-based social engineering refers to having computer software that attempts to retrieve the desired information. Systems development and maintenance ensures that security is build into information systems. For more details, refer to the standard MSA ISO/IEC 17799:2001. Third Party someone other than the principals directly involved in a transaction or agreement. 6. Roles and responsibilities For the purpose of this policy, the following roles and responsibilities have been identified. Role 01. Head of Coordinating Committee 02. Chief Information Management Officer Responsibility i. to review, endorse and champion Information in the Public Service i. to review Information Policies,, and Handbooks ii. iii. iv. to issue the high level Information implementation plans to monitor core Information within the Public Service and take corrective action when necessary to ensure Information compliance Page 5
6 03. CIMU Communications Executive i. to publish this 04. Account Holder i. to follow Policies, and related to the nature of their job 05. Permanent Secretary / Head of Department 06. Public Service Officers / CIMU Employees i. to implement and enforce this within the Ministry / Department i. to follow Policies, and related to the nature of their job 07. Head of Agent i. to implement Policies, and related to the nature of their job 08. Agent Employees i. to follow Policies, and related to the Agent s responsibilities 7. Supporting Documents In support of this, the following Policies and shall apply: 01. CIMU D 0016:2003 Minimum Information Directive 02. CIMU P 0017:2003 Information Organisation 03. CIMU D 0017:2003 Information Organisation Directive 04. CIMU P 0018:2003 Information Compliance 05. CIMU D 0018:2003 Information Compliance Directive 8. References 01. Data Protection Act Chapter Electronic Commerce Act Chapter MSA ISO/IEC 17799:2001 Information Technology Code of Practice for information security management Page 6
7 04. United Nations Information Recommended Practices for United Nations Organisations security-managers.html 05. OECD Guidelines for the of Information Systems and Networks Towards a culture of 8. Modification history Version Date Changes Initial Release Scheduled Review without changes 9. Maintenance and review cycle Maintenance and review of this is set for six months after the initial release as indicated in the effective date. Subsequent review to this policy shall be based on a twelve month cycle. Signature and Stamp Joseph R. Grima Permanent Secretary, Office of the Prime Minister Page 7
8 Appendix A Information Framework Information Framework Organisation Asset Classification & Control Personnel Physical & Environmental Communications & Operations Management Access Control Systems Development & Maintenance Business Continuity Management Compliance Implementation by the Public Service and Agents Compliance regular review and Corrective Action Page 8
9 Appendix B Public Service Information Framework Implementation Scenario S e c u r i t y D o m a i n 10 Business Continuity Management 9 System Development & Maintenance 8 Communications & Operations Management 7 Asset Classification & Control 6 Personnel 5 Access Control 4 Physical & Environment 3 Information Compliance & Information Compliance Directive 2 Information Organisation & Information Organisation Directive 1 Information & Minimum Information Directive Full Compliance Adequate Minimum S e c u r i t y C o m p l i a n c e Public Service Information Framework Implementation Scenario Page 9
Third party Web hosting services security Policy
Office of the Prime Minister Policy document CIMU P 0013:2003 Version: 2.0 Effective date: 09.04.2003 Third party Web hosting services security Policy 1. Policy statement i) General The Government of Malta
More informationNetwork Resource Management Policy
Office of the Prime Minister Policy document CIMU P0036:2003 Version: 1.0 Effective date: 10.12.2003 Network Resource Management Policy 1. Policy statement i) General Information and Communications Technology
More informationNetwork Resource Management Directive
Office of the Prime Minister Central Information Management Unit Directive document CIMU D 0036:2003 Network Resource Management Directive Version: 1.0 Effective date: 10.12.2003 Table of Contents 1. Purpose...3
More informationISO27001 Controls and Objectives
Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the
More informationNSW Government Digital Information Security Policy
NSW Government Digital Information Security Policy Version: 2.0 Date: April 2015 CONTENTS PART 1 PRELIMINARY... 3 1.1 Scope... 3 1.2 Application... 3 1.3 Objectives... 3 PART 2 POLICY STATEMENT... 4 Core
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationUniversity of Sunderland Business Assurance Information Security Policy
University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant
More informationInformation Security: Business Assurance Guidelines
Information Security: Business Assurance Guidelines The DTI drives our ambition of prosperity for all by working to create the best environment for business success in the UK. We help people and companies
More informationTasmanian Government Information Security Framework
Tasmanian Government Information Security Framework Tasmanian Government Information Security Charter Version 1.0 May 2003 Department of Premier and Cabinet Inter Agency Policy And Projects Unit 1 Purpose
More informationHow To Protect Decd Information From Harm
Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the
More informationIssue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager
Document Reference Number Date Title Author Owning Department Version Approval Date Review Date Approving Body UoG/ILS/IS 001 January 2016 Information Security and Assurance Policy Information Security
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationInformation security policy
Information security policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSARM001 S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop or Review of IS Policy\Current
More informationWEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY
WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4
More informationNSW Government Digital Information Security Policy
NSW Government Digital Information Security Policy Version: 1.0 Date: November 2012 CONTENTS PART 1 PRELIMINARY... 3 1.1 Scope... 3 1.2 Application... 3 1.3 Objectives... 3 PART 2 CORE REQUIREMENTS...
More informationInformation Security Policy
Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September
More informationISO 27001 Controls and Objectives
ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements
More informationInformation Management and Security Policy
Unclassified Policy BG-Policy-03 Contents 1.0 BG Group Policy 3 2.0 Policy rationale 3 3.0 Applicability 3 4.0 Policy implementation 4 Document and version control Version Author Issue date Revision detail
More informationNHS Business Services Authority Information Security Policy
NHS Business Services Authority Information Security Policy NHS Business Services Authority Corporate Secretariat NHSBSAIS001 Issue Sheet Document reference NHSBSARM001 Document location F:\CEO\IGM\IS\BSA
More informationThird Party Security Requirements Policy
Overview This policy sets out the requirements expected of third parties to effectively protect BBC information. Audience Owner Contacts This policy applies to all third parties and staff, including contractors,
More informationService Children s Education
Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and
More informationCorporate Information Security Policy
Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationHead of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2
Policy Procedure Information security policy Policy number: 442 Old instruction number: MAN:F005:a1 Issue date: 24 August 2006 Reviewed as current: 11 July 2014 Owner: Head of Information & Communications
More informationInformation Security and Governance Policy
Information Security and Governance Policy Version: 1.0 Ratified by: Information Governance Group Date ratified: 19 th October 2012 Name of organisation / author: Derek Wilkinson Name of responsible Information
More informationInformation Security Program
Stephen F. Austin State University Information Security Program Revised: September 2014 2014 Table of Contents Overview... 1 Introduction... 1 Purpose... 1 Authority... 2 Scope... 2 Information Security
More informationHengtian Information Security White Paper
Hengtian Information Security White Paper March, 2012 Contents Overview... 1 1. Security Policy... 2 2. Organization of information security... 2 3. Asset management... 3 4. Human Resources Security...
More informationINFORMATION SECURITY PROCEDURES
INFORMATION AN INFORMATION SECURITY PROCEURES Parent Policy Title Information Security Policy Associated ocuments Use of Computer Facilities Statute 2009 Risk Management Policy Risk Management Procedures
More informationOVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii
The Office of the Auditor General has conducted a procedural review of the State Data Center (Data Center), a part of the Arizona Strategic Enterprise Technology (ASET) Division within the Arizona Department
More informationSITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA
SITA Information Security SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA September, 2012 Contents 1. Introduction... 3 1.1 Overview...
More informationINFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c
INFORMATION SECURITY MANAGEMENT SYSTEM Version 1c Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More informationinformation systems security policy...
sales assessment.com information systems security policy... Approved: 2nd February 2010 Last updated: 2nd February 2010 sales assessment.com 2 index... 1. Policy Statement 2. IT Governance 3. IT Management
More informationInformation Security Management System Policy
Information Security Management System Policy Public Version 3.3 Issued Document Name Owner P079A ISMS Security Policy Information Security Security Policies, Standards and Procedures emanate from the
More information1st June 2005. Internet Access Service Provider (IASP) Sub-Code for the Communications and Multimedia Industry Malaysia
1st June 2005 for the Communications and Multimedia Industry Malaysia TABLE OF CONTENTS PART 1 - INTRODUCTION...2 PART 2- GENERAL RULES OF THE CODE FOR INTERNET ACCESS SERVICE PROVIDERS...6 PART 3- REVIEW
More informationInformation Security Management System Information Security Policy
Management System Policy Version: 3.4 Issued Document Name: Owner: P079A - ISMS Security Policy Classification: Public Security Policies, Standards and Procedures emanate from the Policy which has been
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:
More informationInformation Security Management Systems
Information Security Management Systems Øivind Høiem CISA, CRISC, ISO27001 Lead Implementer Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector
More information(NOTE: ALL BS7799 REFERENCES IN THIS DOCUMENT ARE FROM BS7799-2:1999 and SHOULD BE AMENDED TO REFLECT BS7799-2:2002)
(NOTE: ALL BS7799 REFERENCES IN THIS DOCUMENT ARE FROM BS7799-2:1999 and SHOULD BE AMENDED TO REFLECT BS7799-2:2002) 1. Approval and Authorisation Completion of the following signature blocks signifies
More informationTABLE OF CONTENTS. 2006.1259 Information Systems Security Handbook. 7 2006.1260 Information Systems Security program elements. 7
PART 2006 - MANAGEMENT Subpart Z - Information Systems Security TABLE OF CONTENTS Sec. 2006.1251 Purpose. 2006.1252 Policy. 2006.1253 Definitions. 2006.1254 Authority. (a) National. (b) Departmental. 2006.1255
More informationInformation Incident Management Policy
Information Incident Management Policy Change History Version Date Description 0.1 04/01/2013 Draft 0.2 26/02/2013 Replaced procedure details with broad principles 0.3 27/03/2013 Revised following audit
More informationINFORMATION SECURITY POLICY
Information Security Policy INFORMATION SECURITY POLICY Introduction Norwood UK recognises that information and information systems are valuable assets which play a major role in supporting the companies
More informationUniversity of Aberdeen Information Security Policy
University of Aberdeen Information Security Policy Contents Introduction to Information Security... 1 How can information be protected?... 1 1. Information Security Policy... 3 Subsidiary Policy details:...
More informationData Protection Policy
Data Protection Policy Document Ref: DPA20100608-001 Version: 1.3 Classification: UNCLASSIFIED (IL 0) Status: ISSUED Prepared By: Ian Mason Effective From: 4 th January 2011 Contact: Governance Team ICT
More informationCorporate Records Management Policy
Corporate Records Management Policy Introduction Part 1 Records Management Policy Statement. February 2011 Part 2 Records Management Strategy. February 2011 Norfolk County Council Information Management
More informationGovernance and Management of Information Security
Governance and Management of Information Security Øivind Høiem, CISA CRISC Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector secretary for information
More informationInformation and Compliance Management Information Management Policy
Aurora Energy Group Information Management Policy Information and Compliance Management Information Management Policy Version History REV NO. DATE REVISION DESCRIPTION APPROVAL 1 11/03/2011 Revision and
More informationInformation Security Guideline for NSW Government Part 1 Information Security Risk Management
Department of Commerce Guidelines Information Security Guideline for NSW Government Part 1 Information Security Risk Management Issue No: 3.2 First Published: Sept 1997 Current Version: Jun 2003 Table
More informationCorporate Affairs Overview and Scrutiny Committee
Agenda item: 4 Committee: Corporate Affairs Overview and Scrutiny Committee Date of meeting: 29 January 2009 Subject: Lead Officer: Portfolio Holder: Link to Council Priorities: Exempt information: Delegated
More informationCOMMERCIALISM INTEGRITY STEWARDSHIP. Security Breach and Weakness Policy & Guidance
Security Breach and Weakness Policy & Guidance Document Control Document Details Author Adrian Last Company Name The Crown Estate Division Name Information Services Document Name Security Breach & Weakness
More informationTELEFÓNICA UK LTD. Introduction to Security Policy
TELEFÓNICA UK LTD Introduction to Security Policy Page 1 of 7 CHANGE HISTORY Version No Date Details Authors/Editor 7.0 1/11/14 Annual review including change control added. Julian Jeffery 8.0 1/11/15
More informationInformation and records management. Purpose. Scope. Policy
Information and records management NZQA Quality Management System Policy Purpose The purpose of this policy is to establish a framework for the management of corporate information and records within NZQA.
More informationProtection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1
Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees
More informationWest Midlands Police and Crime Commissioner Records Management Policy 1 Contents
West Midlands Police and Crime Commissioner Records Management Policy 1 Contents 1 CONTENTS...2 2 INTRODUCTION...3 2.1 SCOPE...3 2.2 OVERVIEW & PURPOSE...3 2.3 ROLES AND RESPONSIBILITIES...5 COMMISSIONED
More informationCCG: IG06: Records Management Policy and Strategy
Corporate CCG: IG06: Records Management Policy and Strategy Version Number Date Issued Review Date V3 08/01/2016 01/01/2018 Prepared By: Consultation Process: Senior Governance Manager, NECS CCG Head of
More informationPolicy and Procedure for approving, monitoring and reviewing personal data processing agreements
Policy and Procedure for approving, monitoring and reviewing personal data processing agreements 1 Personal data processing by external suppliers, contractors, agents and partners Policy and Procedure
More informationAUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES
AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES Final Report Prepared by Dr Janet Tweedie & Dr Julie West June 2010 Produced for AGIMO by
More informationOperational Risk Publication Date: May 2015. 1. Operational Risk... 3
OPERATIONAL RISK Contents 1. Operational Risk... 3 1.1 Legislation... 3 1.2 Guidance... 3 1.3 Risk management process... 4 1.4 Risk register... 7 1.5 EBA Guidelines on the Security of Internet Payments...
More informationREGULATIONS FOR THE SECURITY OF INTERNET BANKING
REGULATIONS FOR THE SECURITY OF INTERNET BANKING PAYMENT SYSTEMS DEPARTMENT STATE BANK OF PAKISTAN Table of Contents PREFACE... 3 DEFINITIONS... 4 1. SCOPE OF THE REGULATIONS... 6 2. INTERNET BANKING SECURITY
More informationHarper Adams University College. Information Security Policy
Harper Adams University College Information Security Policy Introduction The University College recognises that information and information systems are valuable assets which play a major role in supporting
More information(Instructor-led; 3 Days)
Information Security Manager: Architecture, Planning, and Governance (Instructor-led; 3 Days) Module I. Information Security Governance A. Introduction to Information Security Governance B. Overview of
More informationInformation & ICT Security Policy Framework
Information & ICT Security Framework Version: 1.1 Date: September 2012 Unclassified Version Control Date Version Comments November 2011 1.0 First draft for comments to IT & Regulation Group and IMG January
More informationScotland s Commissioner for Children and Young People Records Management Policy
Scotland s Commissioner for Children and Young People Records Management Policy 1 RECORDS MANAGEMENT POLICY OVERVIEW 2 Policy Statement 2 Scope 2 Relevant Legislation and Regulations 2 Policy Objectives
More informationHow To Ensure Network Security
NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:
More informationUniversity of Liverpool
University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October
More informationIT SECURITY POLICY (ISMS 01)
IT SECURITY POLICY (ISMS 01) NWAS IM&T Security Policy Page: Page 1 of 14 Date of Approval: 12.01.2015 Status: Final Date of Review Recommended by Approved by Information Governance Management Group Trust
More informationEaling Council Corporate Information and Data Security Policy
Appendix 3 Ealing Council Corporate Information and Data Security Policy Classification: Internal Use Date Created: July 2008 Policy Ref: INFOSEC 00.02 Author: Information & Data Management Owner: Business
More informationKEELE UNIVERSITY IT INFORMATION SECURITY POLICY
Contents 1. Introduction 2. Objectives 3. Scope 4. Policy Statement 5. Legal and Contractual Requirements 6. Responsibilities 7. Policy Awareness and Disciplinary Procedures 8. Maintenance 9. Physical
More informationFISH AND WILDLIFE SERVICE INFORMATION RESOURCES MANAGEMENT. Chapter 7 Information Technology (IT) Security Program 270 FW 7 TABLE OF CONTENTS
TABLE OF CONTENTS General Topics Purpose and Authorities Roles and Responsibilities Policy and Program Waiver Process Contact Abbreviated Sections/Questions 7.1 What is the purpose of this chapter? 7.2
More informationSubject: Safety and Soundness Standards for Information
OFHEO Director's Advisory Policy Guidance Issuance Date: December 19, 2001 Doc. #: PG-01-002 Subject: Safety and Soundness Standards for Information To: Chief Executive Officers of Fannie Mae and Freddie
More informationInformation Governance Toolkit Report 2013/14
TAUNTON AND SOMERSET NHS FOUNDATION TRUST Information Governance Toolkit Report 2013/14 Report to: Trust Board on: 28 May 2014 Purpose of the Report: This report is presented to the Trust Board for information
More informationINFORMATION SECURITY MANAGEMENT POLICY
INFORMATION SECURITY MANAGEMENT POLICY Security Classification Level 4 - PUBLIC Version 1.3 Status APPROVED Approval SMT: 27 th April 2010 ISC: 28 th April 2010 Senate: 9 th June 2010 Council: 23 rd June
More informationProtection. Code of Practice. of Personal Data RPC001147_EN_D_19
Protection of Personal Data RPC001147_EN_D_19 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Rules Responsibility
More informationNOT PROTECTIVELY MARKED. Suffolk County Council DATA QUALITY POLICY
Suffolk County Council DATA QUALITY POLICY This policy is sponsored by the Director of Resource Management on behalf of the Chief Executive of Suffolk County Council. Responsibility for maintaining, reviewing
More informationIncident Reporting Guidelines for Constituents (Public)
Incident Reporting Guidelines for Constituents (Public) Version 3.0-2016.01.19 (Final) Procedure (PRO 301) Department: GOVCERT.LU Classification: PUBLIC Contents 1 Introduction 3 1.1 Overview.................................................
More informationRECORDS MANAGEMENT POLICY
RECORDS MANAGEMENT POLICY POLICY STATEMENT The records of Legal Aid NSW are a major component of its corporate memory and risk management strategies. They are a vital asset that support ongoing operations
More informationRECORDS MANAGEMENT POLICY
[Type text] RECORDS MANAGEMENT POLICY POLICY TITLE Academic Year: 2013/14 onwards Target Audience: Governing Body All Staff and Students Stakeholders Final approval by: CMT - 1 October 2014 Governing Body
More informationAn Approach to Records Management Audit
An Approach to Records Management Audit DOCUMENT CONTROL Reference Number Version 1.0 Amendments Document objectives: Guidance to help establish Records Management audits Date of Issue 7 May 2007 INTRODUCTION
More informationMike Casey Director of IT
Network Security Developed in response to: Contributes to HCC Core Standard number: Type: Policy Register No: 09037 Status: Public IG Toolkit, Best Practice C7c Consulted With Post/Committee/Group Date
More informationACT Auditor-General s Office. Performance Audit Report. Whole-of-Government Information and Communication Technology Security Management and Services
ACT Auditor-General s Office Performance Audit Report Whole-of-Government Information and Communication Technology Security Management and Services Report No. 2 / 2012 PA 09/03 The Speaker ACT Legislative
More informationInformation Governance Policy (incorporating IM&T Security)
(incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationCODE OF PRACTICE ON THE MANAGEMENT OF POLICE INFORMATION
CODE OF PRACTICE ON THE MANAGEMENT OF POLICE INFORMATION Made by the Secretary of State for the Home Department under sections 39 and 39A of the Police Act 1996 and sections 28, 28A, 73 and 73A of the
More informationWho Should Know This Policy 2 Definitions 2 Contacts 3 Procedures 3 Forms 5 Related Documents 5 Revision History 5 FAQs 5
Information Security Policy Type: Administrative Responsible Office: Office of Technology Services Initial Policy Approved: 09/30/2009 Current Revision Approved: 08/10/2015 Policy Statement and Purpose
More informationPractical Overview on responsibilities of Data Protection Officers. Security measures
Practical Overview on responsibilities of Data Protection Officers Security measures Manuel Villaseca Spanish Data Protection Agency mvl@agpd.es Security measures Agenda: The rol of DPO on security measures
More informationRevised Guide to information security
Revised Guide to information security Reasonable steps to protect personal information Consultation draft August 2014 Contents Background... 1 The purpose of this guide... 1 The Privacy Act and the security
More informationIT Security Management
The Auditor-General Audit Report No.23 2005 06 Protective Security Audit Australian National Audit Office Commonwealth of Australia 2005 ISSN 1036 7632 ISBN 0 642 80882 1 COPYRIGHT INFORMATION This work
More informationStellenbosch University. Information Security Regulations
Stellenbosch University Information Security Regulations 1. Preamble 1.1. Information Security is a component of the Risk structure and procedures of the University. 1.2. Stellenbosch University has an
More informationOutsourcing and third party access
Outsourcing and third party access This document is part of the UCISA Information Security Toolkit providing guidance on the policies and processes needed to implement an organisational information security
More informationInformation Governance Policy
Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading
More informationBOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy
BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy
More informationLEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction
LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed
More informationJoint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session One
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session One Information Security- Perspective for Management Information Security Management Program Concept
More informationInformation Governance Strategy & Policy
Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information
More informationAccess Control Policy
Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you
More informationElectronic Information Security Policy - NSW Health
Electronic Information Security Policy - NSW Health Document Number PD2013_033 Publication date 11-Oct-2013 Functional Sub group Corporate Administration - Information and data Corporate Administration
More informationData Protection Breach Management Policy
Data Protection Breach Management Policy Please check the HSE intranet for the most up to date version of this policy http://hsenet.hse.ie/hse_central/commercial_and_support_services/ict/policies_and_procedures/policies/
More informationInformation Security Policies and Procedures Development Framework for Government Agencies. First Edition - 1432 AH
Information Security Policies and Procedures Development Framework for Government Agencies First Edition - 1432 AH 6 Contents Chapter 1 Information Security Policies and Procedures Development Framework
More informationCouncil Policy. Records & Information Management
Council Policy Records & Information Management COUNCIL POLICY RECORDS AND INFORMATION MANAGEMENT Policy Number: GOV-13 Responsible Department(s): Information Systems Relevant Delegations: None Other Relevant
More informationSuppliment tal-gazzetta tal-gvern ta Malta Nru. 18,412, 30 ta April, 2009 Taqsima B FINANCIAL MARKETS ACT (CAP. 345)
VERŻJONI ELETTRONIKA B 1579 Suppliment tal-gazzetta tal-gvern ta Malta Nru. 18,412, 30 ta April, 2009 Taqsima B L.N. 138 of 2009 FINANCIAL MARKETS ACT (CAP. 345) Central Securities Depository (Authorisation
More information