Department wide
This policy supports the department’s approach to managing information security in accordance with the Queensland Government’s Information security policy (IS18:2018). This will enable the department to apply an Information Security Management System (ISMS) based on recommendations within ISO/IEC 27001 - Information technology – Security techniques – Information security management systems – Requirements (ISO 27001:2013).
The department will apply a consistent, risk-based approach to information security that maintains the confidentiality, integrity and availability of information by protecting information against unauthorised disclosure, access or use, loss or compromise (malicious or accidental), or a breach of privacy. This includes identifying and managing risks to information, applications and technologies, throughout their lifecycle by implementing an ISMS in compliance with the Queensland Government’s Information security policy (IS18:2018).
Definitions

Employee: Any permanent, temporary, seconded or contracted staff member, contractor, consultant, volunteer or other person who provides services on a paid or voluntary basis to the department and who is required to comply with the department's policies and procedures. Within schools this includes Principals, Deputy Principals, heads of department, heads of curriculum, guidance officers, teachers and other school staff who manage information.

Data: The representation of facts, concepts or instructions in a formalised (consistent and agreed) manner suitable for communication, interpretation or processing by human or automatic means. Typically comprised of numbers, words or images. The format and presentation of data may vary with the context in which it is used. Data is not information until it is utilised in a particular context for a particular purpose.

ICT assets: ICT hardware, software, systems and services, including voice, video and unified communication such as telephony and collaboration systems, that are used in the department to process, store or transmit information. Examples include computers, telephone systems, closed-circuit television (CCTV) and video surveillance systems, servers, switches, wireless network equipment, cabinets, scanners, multifunction printers, mobile phones, laptops, iPads, Surface Pros, digital cameras, electronic whiteboards and projectors.

ICT facilities: An electronic service designed for a particular communication and/or function, which includes but is not limited to electronic networks, internet, extranet, email, instant messaging, webmail, fee-based web services and social media.

Information: Information is any collection of data that is processed, analysed, interpreted, classified or communicated in order to serve a useful purpose, present fact or represent knowledge in any medium or form. This includes presentation in electronic (digital), print, audio, video, image, graphic, cartographic, physical sample, textual or numerical form.

Information security: Information security is the preservation of confidentiality, integrity and availability of information, in addition to other properties such as authenticity, accountability, non-repudiation and reliability.

Information security management system (ISMS): An ISMS is part of an overall management system (a type of framework), based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security.

IS18:2018: The Queensland Government's Information security policy (IS18:2018), issued by the Queensland Government Chief Information Office (QGCIO), which directs agencies to implement an ISMS based on ISO/IEC 27001:2013 but does not require agencies to obtain ISO/IEC 27001:2013 certification.

ISO/IEC 27001:2013: ISO/IEC 27001:2013 is an international standard that provides a model for establishing, implementing, maintaining and continually improving an information security management system within an organisation. This international standard also includes requirements for assessing and treating information security risks tailored to the needs of the organisation. ISO/IEC 27001:2013 is enforced through QGCIO's Information security policy (IS18:2018).
Version history (previous seven years shown; minor version updates not included): Nil
For further information, please contact:

Information Management, Digital Technology
Information and Technologies Branch (I&T Branch)
Email: InformationManagement.INFOMNGT@qed.qld.gov.au

Cyber Security and Identity Management, Enterprise Technology Services
Information and Technologies Branch (I&T Branch)
Email: ISMS.GRC@qed.qld.gov.au
Uncontrolled copy. Refer to the Department of Education Policy and Procedure Register to ensure you have the most current version of this document.