Contents
Amendments
1. Status and applicability
1.1 Status
1.2 Specific terms in this protocol
1.3 Applicability
1.4 Policy exceptions
1.5 Structure and design of this protocol
1.6 References and supporting documents
1.7 Document change control
2. How this protocol fits into the PSPF structure
3. Compliance
3.1 Compliance with legal requirements
3.2 Compliance with information security core policy, mandatory requirements, protocols, standards and technical advice
3.3 Information systems audit considerations
4. Risk assessment and treatment
4.1 Information security risk assessments
5. Agency information security policy and planning
5.1 Information security policy
6. Information security framework and external party access
6.1 Internal framework
6.2 External parties
7. Asset management
7.1 Responsibility for assets
7.2 Information classification
7.3 Business impact levels
7.4 Aggregation
7.5 Foreign government information (FGI)
7.6 Information declassification
8. Operational security management
8.1 Operational procedures and responsibilities
8.2 External party service delivery management
8.3 System planning and acceptance
8.4 Protection against malicious and mobile code
8.5 Back-up
8.6 Network security management
8.7 Media handling
8.8 Exchange of information
8.9 Electronic commerce services
8.10 Monitoring
9. Information access controls
9.1 Business requirements for access control
9.2 User access management
9.3 User responsibilities
9.4 Network access control
9.5 Operating system access control
9.6 Application and information access control
9.7 Mobile computing and tele-working
10. Information systems development and maintenance
10.1 Security requirements of information systems
10.2 Correct processing in applications
10.3 Cryptographic controls
10.4 Security of system files
10.5 Security in development and support activities
10.6 Technical vulnerability management