Premier & Cabinet

Type:
Department of Premier and Cabinet Circular
Identifier:
C2001-46
Status:
Archived

C2001-46 Security of Electronic Information

Detailed Outline

The NSW Government has a duty to safeguard its large information holdings. The use of information and information systems is an integral, and increasingly mission critical, part of all NSW Government activities. Information is an asset that must be protected to ensure its necessary confidentiality, integrity and availability. In recognition of this, Cabinet has directed that all agencies are to undertake measures to protect electronic information.

The measures are:

  • all agencies are to develop and implement policies and plans for information security management by 2002;
  • all agencies are to assign responsibility for IT security to a nominated officer;
  • all agencies are to ensure that all staff, including contractors and consultants, understand their responsibilities for information security;
  • the Department of Information Technology and Management will establish a program for external penetration testing of agencies' IT systems; and
  • agencies are to have their IT systems certified to the national standard AS/NZS 4444 information security management when accredited certifiers become available.

The Department of Information Technology and Management (Office of Information Technology) published revised Information Management and Technology (IM&T) Guidelines for electronic security in early 2001. The Guidelines are aligned with AS/NZS 17799 and 4444 and are available from the Office of Information Technology's website at www.oit.nsw.gov.au.

The Department of Information Technology and Management is establishing on-line reporting arrangements for agencies' progress in implementing security management measures. Details will be issued in due course, but reporting will be quarterly until the end of 2002, then annually until 2004.

It should be noted that the Department of Public Works and Services currently operates a period panel contract (ITS 2037) for IT Security Consulting Services. This contract is being replaced by a new contract (ITS 2319) that includes IT security consulting services, and security products and related services.

Please contact Nigel Evans at the Office of Information Technology for further information on 9236 7718 or [email protected]

C. Gellatly
Director-General

___________________________________________

Superseded by M2007-04

Overview

Compliance

Not Mandatory

AR Details

Date Issued
Jun 13, 2014
Review Date
Jun 13, 2024
Replaces
Replaced By

Contacts

Contact
Contact us
Phone
02 9228 5555
Publishing Entity
Department of Premier and Cabinet
Issuing Entity
Department of Premier and Cabinet