Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Look up keyword or section
Like this
1Activity
P. 1
Isp

Isp

Ratings: (0)|Views: 8|Likes:
Published by papafasha

More info:

Published by: papafasha on Feb 17, 2014
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

04/29/2014

pdf

text

original

 
 
Information Security Policy
Version 2.2 October 2012
Office of the Government Chief Information Officer
Ministry of Citizens’ Services
 and Open Government Security Classification: PUBLIC
 
 
Security Classification:
 PUBLIC
 Province of British Columbia Information Security Policy Page 2 Office of the Government Chief Information Officer Copyright © 2006-2012 Province of British Columbia. All rights reserved.
Permission to use extracts from ISO 27002:2005 was provided by Standards Council of Canada, the Canadian member body for the International Organization for Standardization (ISO) and in cooperation with IHS Canada. No further reproduction is permitted without prior written approval from Standards Council of Canada.
Contact
For inquiries regarding the Information Security Policy, contact Information Security Branch, Office of the Government Chief Information Officer or email CITZCIOSecurity@gov.bc.ca. 
 
 
Security Classification:
 PUBLIC
 Province of British Columbia Information Security Policy Page 3 Office of the Government Chief Information Officer
Introduction
Government is the custodian of extensive information holdings and relies upon its information assets for fiscal, policy and program delivery initiatives. The management of public information requires government to protect confidentiality, integrity and availability of the information assets in its care. The Information Security Policy is based on the ISO 27002:2005 standard for information security management. This standard provides a structured approach to identifying the broad spectrum of information security activities in the life-cycle of information systems. The Information Security Policy provides the framework for government organizations to establish local policies and procedures necessary for the protection of government information and technology assets. Implementation of a structured Information Security Program will provide more consistent protection of government information and technology resources. The policies incorporate a risk assessment approach to security using Security Threat and Risk Assessments to consider:
 
Business process and government service delivery implications;
 
Technological implications; and,
 
Communications strategies including changes to personnel information security awareness programs. The risk assessment approach enables:
 
Compliance with legislative and policy objectives;
 
Cost-effective allocation of resources based on a risk assessment;
 
Responsible
governance of the Province’s information assets; and,
 
 
Secure provision of government e-services.
Glossary
The Information Security Policy includes a Glossary of key terms. The first instance of a defined term in a policy is italicized. Terms from existing policies are adopted where appropriate.
Authority
The Information Security Policy is issued under the authority of the Government Chief Information Officer. Exemptions to this policy may be granted subject to the approval of the Government Chief Information Officer. A Briefing Note, outlining the exemption required and supporting documentation for the business need must be submitted to the Government Chief Information Officer for consideration of the exemption. The next Scheduled Review of the Information Security Policy is December 2013. Suggested modifications will be reviewed and policies updated as required.
Revision
This version includes metrics for policy statements to facilitate compliance. It also includes changes from, and references to, new and updated standards since last revision, including the Payment Card Industry Data Security Standard 2.0. Revisions are made to improve clarity. Broken links and obsolete references are corrected and kept current. The itemized change log is available from the Information Security Branch, Office of the Government Chief Information Officer (CITZCIOSecurity@gov.bc.ca).

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->