TAS Information Security Framework (ISF)
Details
This download includes the TAS Information Security Framework (ISF) policies only so there are no mapped questions. Use this download if you just want the provisions and you want to create your own question set.
The TAS Information Security Framework provides a consistent, risk-based approach to protecting Tasmanian Government information, systems and services from cybersecurity threats. The Tasmanian Government Information Security Charter outlines the endorsed Information Security Principles and Policies to be applied by agencies. These, together with guidelines, form the Agency Information Security Framework for application by agencies.
The framework uses a risk-based approach to implement appropriate levels of information security. Risk assessment and management methodology guidelines are integral to the framework.
The TAS ISF includes 14 provisions across the following 7 domains:
- Underlying principles
- Governance
- Record Security
- Physical Security for Information Security
- Personnel
- General IT
- Incident Reporting
Principles:
- Each agency must develop and implement an Agency Information Security Plan that is appropriate to the Agency’s functions and the risks that it faces.
- The Agency Information Security Plan needs to identify the information assets of the Agency.
- Each agency is to conduct regular information security risk assessments.
- The Agency Information Security Plan needs to be monitored and reviewed to minimise information security risks.
- Information resources, including ICT systems, to be reasonably protected from compromise and misuse – that is, the range of means by which harm could be caused to information, especially loss, damage, corruption, or disclosure, whether deliberate or accidental.
- People employed to perform Government functions to be suitable and meet relevant standards of integrity and honesty.
- When outsourcing a function, agencies remain accountable for the secure performance of that function.
- Information resources used in a home-based or mobile environment are suitably secured.
More Information
Jurisdiction | Australia |
---|---|
Type | Laws or related obligations |