
Information Security Policy

Information policies and standards

Department of Transport and Main Roads

Prepared by Enterprise Security Unit

Version no. v3.0

Status Final

QGCIO ref. QGEA Information Standard, Information Security (IS18)

DMS ref. no. 700/00458 E125416

Template v1.0 I:\Policies\Information Security IS18\v3.0 Final 2009\Information security policy v3.0.doc


Version legend

Version Document status Date

2.0 Final Sign off document 08/08/2008

2.1 Draft policy rewritten by Information Policies and Standards Unit to combine the two departments' separate policies. Further amended to align to updated QGCIO Information Security Standard (IS18) 18/06/2009

2.2 Review by Enterprise Security Unit 10/09/2009

2.3 Additional review by Enterprise Security Unit 16/11/2009

3.0 Final document 25/01/2010

Document control sheet

Contact for enquiries and proposed changes

Officer Name Phone

Operational owner (Director) Lloyd Carter, Director (Information Management) 3834 2461

Review officer (contact officer) Greg Smith, Enterprise Security Manager 3834 8934

Version history

Version no. Issue date Nature of amendment

1.0 09/09/2003 First final version.

2.0 08/08/2008 Major review

3.0 25/01/2010 Major review to create one policy and remove all sub-policies, including an update to the new department's name following a restructure.

This document has an information security classification of PUBLIC.

© The State of Queensland (Department of Transport and Main Roads) 2009

http://creativecommons.org/licences/by/2.5/au

This work is licensed under a Creative Commons Attribution 2.5 Australia Licence

To attribute this material, cite State of Queensland (Department of Transport and Main Roads) 2009, Information


Information policies and standards v3.0 iii

Department of Transport and Main Roads, Information Security Policy, 2009

Document sign off

This information policy is approved by the Director-General:

Name David Stewart

Position Director-General

Signature Date 25/01/2010

This information policy is endorsed by:

Name Jack Noye

Position Deputy Director-General (Corporate)

Signature Date 21/01/2010

This information policy is endorsed by:

Name Cathi Taylor

Position Chief Information Officer

Signature Date 18/12/2009

This information policy is presented for approval by the operational owner:

Name Lloyd Carter

Position Director (Information Management), Enterprise Information and Systems Division


Contents

1 Policy statement

2 Scope

3 Applicability

4 Objectives

5 Rationale

6 Benefits

7 Definitions

8 References


1 Policy statement

The Department of Transport and Main Roads will develop, document, implement and continually review appropriate security controls and processes to ensure the confidentiality, integrity and availability of the department's information and ICT assets.

These information security controls and processes will include security measures to protect information from misuse and loss, and from unauthorised access, modification or disclosure.

2 Scope

This policy encompasses all information and ICT assets (as defined in section 7) that are owned, managed or operated by the department.

3 Applicability

This policy applies to all employees (as defined in section 7) for the duration of their employment within the department.

4 Objectives

The objectives of this policy are to assist the department to meet all legislative requirements for information security and to mitigate the risk to the confidentiality, integrity and availability of the department's information and ICT assets.

5 Rationale

Under the Queensland Financial and Performance Management Standard 2009 (Part 2, Section 27), the department has a legal requirement to implement policies and standards in compliance with the Queensland Government's Information Standard, Information Security (IS18).

6 Benefits

The benefits to the department from implementing this policy include:

appropriate protection and control of the department's information and ICT assets

information security measures commensurate with the value, business significance and sensitivity of the department's information assets

adherence to all legal and legislative requirements.

7 Definitions

Terms, abbreviations and acronyms: Definitions

Authentication: Process that verifies the claimed identity of an individual as established by an identification process.

Employee: All temporary and permanent staff, consultants, contractors, students or any other person who provides services on a paid or voluntary basis to the Department of Transport and Main Roads.

ICT: Information and communication technology.

ICT assets: ICT hardware, software, systems and services used in the department's operations, including physical assets used to process, store or transmit information.

Information: Knowledge communicated, processed, analysed, interpreted, classified or received concerning some fact or circumstance.

Information assets: An identifiable collection of data stored in any manner and recognised as having value for the purpose of enabling the department to perform its business functions, thereby satisfying a recognised departmental requirement.

Note: Data or information from an external source does not need to be managed as the department's information asset. However, any modification of this information will create a new information asset that will require management.

QGCIO: The Queensland Government Chief Information Office within the Department of Public Works provides strategic leadership, management and advice to ensure that whole-of-government ICT initiatives are maximised.

8 References

Queensland Government Information Standard, Information security (IS18), Queensland Government Chief Information Office

http://qgcio.qld.gov.au/qgcio/architectureandstandards/informationstandards/current/Pages/Information%20Security.aspx

Financial Accountability Act 2009

http://www.legislation.qld.gov.au/LEGISLTN/ACTS/2009/09AC009.pdf

Financial and Performance Management Standard 2009

http://www.legislation.qld.gov.au/LEGISLTN/SLS/2009/09SL104.pdf

Queensland Government Enterprise Architecture 2.0, Queensland Government Chief Information Office

http://qgcio.qld.gov.au/QGCIO/ARCHITECTUREANDSTANDARDS/QGEA2.0/Pages/index.aspx

Queensland Government Authentication Framework, Queensland Government Chief Information Office

http://qgcio.qld.gov.au/qgcio/architectureandstandards/Pages/security.aspx

Queensland Government Information Security Classification Framework, Queensland Government Chief Information Office
