Term
|
Definition
|
Employee
|
Any permanent, temporary, seconded or contracted staff member, contractors and consultants, volunteers or other person who provides services on a paid or voluntary basis to the department that are required to comply with the department's policies and procedures. Within schools this includes Principals, Deputy Principals, heads of departments, head of curriculums, guidance officers, teachers and other school staff who manage information.
|
Data
|
The representation of facts, concepts or instructions in a formalised (consistent and agreed) manner suitable for communication, interpretation or processing by human or automatic means. Typically comprised of numbers, words or images. The format and presentation of data may vary with the context in which it is used. Data is not information until it is utilised in a particular context for a particular purpose.
|
ICT assets
|
ICT hardware, software, systems and services including voice, video and unified communication such as telephony and collaboration systems that are used in the department to process, store or transmit information such as computers, telephone systems, close circuit television (CCTV) and video surveillance systems, servers, switches, wireless network equipment, cabinets, scanners multifunctional printers, mobile phones, laptops, iPads, Surface Pros, digital cameras, electronic whiteboards, projectors etc.
|
ICT facilities
|
An electronic service designed for a particular communication and/or function, which includes but is not limited to electronic networks, internet, extranet, email, instant messaging, webmail, fee-based web services and social media.
|
Information
|
Information is any collection of data that is processed, analysed, interpreted, classified or communicated in order to serve a useful purpose, present fact or represent knowledge in any medium or form. This includes presentation in electronic (digital), print, audio, video, image, graphic, cartographic, physical sample, textual or numerical form.
|
Information security
|
Information security is the preservation of confidentiality, integrity and availability of information, in addition to other properties such as authenticity, accountability, non-repudiation and reliability.
|
Information security management system (ISMS)
|
An ISMS is part of an overall management system (a type of framework), based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security.
|
IS18:2018
|
Queensland Government’s Information security policy (IS18:2018) issued by the Queensland Government’s Chief Information Office (QGCIO) that directs agencies to implement an ISMS based on ISO/IEC 27001, but does not require agencies to obtain ISO/IEC 27001 certification.
|
ISO/IEC 27001
|
ISO/IEC 27001 is an international standard that provides a model for establishing, implementing, maintaining and continually improving an information security management system within an organisation. This international standard also includes requirements for assessing and treating information security risks tailored to the needs of the organisation. ISO/IEC 27001 is enforced through QGCIO’sInformation security policy (IS18:2018).
|