Premier & Cabinet

Type:
Department of Premier and Cabinet Circular
Identifier:
C2007-50
Status:
Archived

C2007-50 Survey of Electronic Information Security

Description

Premiers Memorandum M2007-04 states that agencies are to report their security status annually and that details would be promulgated separately.  This Circular provides the details for 2007. The purpose of the survey is to enable agencies to provide information about the main risks to their electronic information assets and the steps being taken to effectively manage the risks.  This information will be reported to Cabinet for its consideration of a whole of government picture of risk exposure and security management status.

Detailed Outline

Premier’s Memorandum M2007 - 04 states that agencies are to report their security status annually and that details would be promulgated separately.  This Circular provides the details for 2007.

The purpose of the survey is to enable agencies to provide information about the main risks to their electronic information assets and the steps being taken to effectively manage the risks.  This information will be reported to Cabinet for its consideration of a whole of government picture of risk exposure and security management status.  Ministers will be able to see the responses of those agencies with which their own agencies exchange electronic information.  Ministers will also be able to compare the security profile of their agencies with the government wide average.

In addition to some basic administrative information the survey seeks security information in two categories:

  • indicators about the agency’s Information Security Management System (ISMS), or what is being done if an ISMS is not yet in place; and
  • information about the security risk exposure of electronic information.  This is structured around seven broad classes of possible business risk consequences. 

The survey is to be completed by all agencies that operate their own information technology systems or have a formal outsourcing agreement with a public or private sector entity.  Small agencies that do not operate their own information technology systems and function as a de facto business unit of another agency are not required to complete the survey.  For this survey information technology systems include those with operational control functions.

The survey is only available on-line and may be accessed at http://issf.sws.com.au.  The survey is open until 14 December 2007. 

The survey does not need to be completed in a single session, different staff may answer different questions.  It is estimated that an agency with an effective and efficient information security management system will be able to complete the survey in about 2 hours. The completed survey has to be approved before being submitted.

Each participating agency will need to register with the survey to gain access to it.  Most agencies are already listed but others can apply to register.  The survey also requires each agency to identify those agencies with which it exchanges electronic information. 

Robyn Kruk
Director General

Overview

Compliance

Not Mandatory

AR Details

Date Issued
Nov 9, 2007
Review Date
Dec 31, 2014
Replaces
Replaced By

Contacts

Contact
Contact us
Phone
02 9228 5555
Publishing Entity
Department of Premier and Cabinet
Issuing Entity
Department of Premier and Cabinet