The Information Security domain is focused on the protection of information, safeguarding its confidentiality, integrity and availability. The domain describes how to provide appropriate and secure access to information and assists people to understand how to classify and handle information.
Required outcome
Each agency is responsible for maintaining the confidentiality, integrity and availability of all official information.
To assist agencies to achieve this security outcome, Tasmania’s Protective Security Policy Framework (TAS-PSPF) includes 3 Information Security (INFOSEC) core requirements, supported by a varying number of supplementary requirements and a guiding policy for each. These requirements cover the scope of what agencies must do in relation to their information security.
INFOSEC-1: Access to, and management of, official information
Context
Security protections support agencies in the provision of timely, reliable and appropriate access to official information while ensuring integrity, availability and confidentiality of information. The availability of information assists in service delivery, business continuity, decision making and policy development.
Core requirement
The Accountable Authority must adhere to whole-of-government protective security policies and procedures relating to the management of information security.
Policy guidance
INFOSEC-2: Protecting official information
Context
Official information refers to all information that is created, sent, or received as part of the work of the Tasmanian Government. All official information must be protected according to the assessed business impact that any compromise of the information could cause.
Core requirement
Agencies will adopt the Australian Government’s Protective Security Policy Framework and related documentation for the classification, protective marking, transfer, handling and storage requirements of information (in any format) relative to its value, importance and sensitivity.
Policy guidance
INFOSEC-3: Robust technology and information systems
Context
Access to information, particularly security-classified information, must be controlled to maintain the confidentiality and integrity of Tasmanian Government information, assets, and business operations. Limiting unintended or unauthorised access to protectively marked information relies on robust and validated technology, information and infrastructure systems, complemented by enhanced security governance.
Core requirement
The Accountable Authority must ensure the security of technology and information assets to safeguard data, information and privacy, and to ensure continuous delivery of government business during all stages of the asset life-cycle.
Policy guidance