VICTORIAN PROTECTIVE DATA SECURITY FRAMEWORK (VPDSF)
INFORMATION SECURITY GUIDE
Information Security Guide
V1.0
Published by the Commissioner for Privacy and Data Protection
PO Box 24014
Melbourne Victoria 3001
June 2016
Also published on:
http://www.cpdp.vic.gov.au
ISBN 978-0-9946370-1-7
VPDSF Information Security Guide – Document Details
Protective Marking: Unclassified
Publication Date: June 2016
Review Date: June 2017
Document Status: Final V1.0
Author: Office of the Commissioner for Privacy and Data Protection
For further information, please contact the Data Protection Branch on [email protected]
Contents
Background..............................................................................................................................................9
Purpose.....................................................................................................................................................9
Audience...................................................................................................................................................9
Scope......................................................................................................................................................10
Use of terms..........................................................................................................................................10
Chapter 1 – Understanding Information Value.......................................................................... 11
Part 1 – Purpose................................................................................................................................... 11
Part 2 – Information Assessment Process...................................................................................... 11
Part 3 – State versus Commonwealth scheme............................................................................. 15
Part 4 – Business Impact Levels (BILs)............................................................................................. 17
Part 5 – How to read the BIL table...................................................................................................18
Part 6 – Contextualising the VPDSF BIL table for your organisation........................................19
Part 7 – Working examples................................................................................................................22
Part 8 – Continuous information assessment...............................................................................27
Chapter 1 Appendix – Understanding Information Value........................................................... 28
Appendix A – Visual representation of the information assessment process................. 28
Appendix B – VPDSF Business Impact Level (BIL) Table...................................................... 29
Chapter 2 – Protective Markings.................................................................................................. 42
Part 1 – Purpose.................................................................................................................................. 42
Part 2 – Introduction ......................................................................................................................... 42
Part 3 – What are protective markings?......................................................................................... 43
Part 4 – Protective markings scheme (Victoria)........................................................................... 44
Part 5 – Protectively marked material from another organisation............................................ 51
Part 6 – Legacy classified information ...........................................................................................52
Chapter 2 Appendix – Protective Markings ...................................................................................53
Appendix C – Relationship between Protective Markings ..................................................53
Appendix D – Common protective markings employed by each State and Territory.... 54
Background
The Commissioner for Privacy and Data Protection (CPDP) issues security guides to support the
Victorian Protective Data Security Framework (VPDSF). All elements of the VPDSF are inter-linked and
should not be read in isolation.
The Information Security Guide forms part of a suite of supporting security guides provided in the
Resources section of the VPDSF.
[Figure: VPDSF structure diagram. Labels: Victorian Protective Data Security Framework; Victorian
Protective Data Security Standards; Assurance Model; Resources.]
Purpose
The Information Security Guide is designed to assist organisations to implement the VPDSS. It provides
the following guidance:
Chapter 1 – Understanding Information Value: This chapter provides a common vocabulary and a
structured approach to enable Victorian public sector organisations to assess the value of their public
sector data (referred to as official information) by identifying the business impacts if official
information were compromised.
Chapter 2 – Protective Markings: This chapter provides guidance to Victorian public sector
organisations on protective markings (i.e. what protective markings are available under the VPDSF and
the basis for these).
Audience
This guide is intended for Victorian public sector organisations (including employees, contractors and
external parties) that are subject to the protective data security provisions under Part Four of Victoria’s
Privacy and Data Protection Act (2014).
Scope
This security guide underpins the VPDSS Information security standards and supports the other
security standards across Governance and the domains of ICT, Personnel and Physical security.
Use of terms
Please refer to the VPDSF Glossary of Protective Data Security Terms for an outline of terms and
associated definitions.
Chapter 1 – Understanding Information Value
Part 1 – Purpose
Everyone who works with official information has an obligation to respect the information that they
create, access and use, and is personally accountable for safeguarding information assets. In order to
do this, all persons need to have an understanding of the value of official information, and of the
security measures designed to protect the confidentiality, integrity and availability of official information.
Valuing official information is the fundamental starting point for the development of a positive security
culture in the Victorian public sector. Proper valuation of official information means that the right
security precautions can be taken to protect it.
This chapter aims to assist organisations undertaking these activities by:
• providing guidance about assessing official information using a consistent impact assessment tool
  (taking the form of Business Impact Levels - BILs)
• determining the overall value of official information
• identifying the appropriate protective marking
• understanding if additional security measures are required to protect official information (beyond
  those informed by the protective marking)
• contextualising the VPDSF BILs in line with the organisation’s specific operating requirements
Part 2 – Information Assessment Process
Who performs an information assessment?
When official information is created, the originator of this material is required to assess potential
business impacts if the information was compromised.
The originator is the person, or organisation, responsible for preparing / creating official information
or for actioning information generated outside the public sector (i.e. private industry).
This person, or organisation, is also responsible for deciding whether, and at what level, to value
information, by completing the information assessment process.
What is the Information Assessment Process (IAP)?
The IAP is a method to assess official information to determine the overall value of the content. The
assessment process involves three core stages:
1. Identify official information
2. Consider potential impacts if the information was compromised
3. Understand the overall value of the information, in order to apply the appropriate security
   measures
A visual representation of the full information assessment process is in Appendix A.
INFORMATION ASSESSMENT PROCESS STAGES
1. Identify official information
Official information means information (including personal
information) obtained, generated, received or held by or for a
Victorian public sector organisation for an official purpose or
supporting official activities.
This includes both hard and soft copy information, regardless of
media or format.
In contrast, unofficial information is any information that has no
relation to official activities, such as personal correspondence.
Unofficial information does not need to undergo the assessment
process.
2. Consider potential business impacts
In order to assess the potential business impact(s) from a
compromise to official information, consider the preservation of its
confidentiality, integrity and availability.
Confidentiality refers to the limiting of access to official information
to authorised persons for approved purposes. The confidentiality
requirement is determined by assessing the potential consequences
of unauthorised disclosure of official information and the level of its
sensitivity.
The level of sensitivity:
1. refers to the degree to which, and the extent or duration of,
any impacts and related consequences to the confidentiality
of the information
2. informs the appropriate label (protective marking(s)1) for the
information
1 For more information on protective markings, refer to Chapter 2 of this security guide
Integrity refers to the assurance that official information has been
created, amended or deleted only by the intended authorised
means and is correct and valid.
Availability refers to allowing authorised persons to access official
information for authorised purposes at the time they need to do so.
The integrity and availability business impacts are determined by
assessing the potential consequences of unauthorised modification
or unavailability of the information and the level of its significance.
The level of significance:
1. refers to the degree to which, and the extent or duration of,
any impacts and related consequences to the integrity and/or
availability of the information
2. identifies the need for additional security measures to further
protect the information beyond those established by the
protective marking.
3. Understand overall value and apply security measures
The information assessment process delivers two equally important
outcomes:
• the identification of the appropriate label (protective marking(s)) for official information, and
• an understanding of the overall value of the information and whether any additional security
  measures are needed to further protect it. These additional security measures act as layered
  protection for the information, beyond those established by the protective marking
IAP Considerations
When assessing official information, organisations should keep in mind the following:
Legislative requirements governing the information
Some forms of official information are governed by legislation that
restricts or prohibits disclosure of its content, imposes certain use and
handling requirements or restricts dissemination of the material.
Organisations should be aware of these obligations when assessing
official information in order to determine what Dissemination Limiting
Markers (DLMs) are appropriate for the content.
Inappropriate use of protective markings
Official information should only be protectively marked where there is a
clear and justifiable need to do so.
In no case should official information be protectively marked to:
• hide violations of law, inefficiency or administrative error
• prevent embarrassment to an individual, organisation or agency
• restrain competition, or
• prevent or delay the release of information that does not need protection
The presence or absence of a protective marking does not affect a
document’s status under the Freedom of Information (FOI) Act.
Prevent overclassification
It is important that information not requiring increased protection be
labelled as UNCLASSIFIED, or the appropriate DLMs.
Security classifications should only be used when potential
compromise of the confidentiality of the material warrants increased
protection.
Inappropriate overclassification can result in:
• access to official information being unnecessarily limited or delayed
• overly onerous administration and procedural overheads, imposing additional costs on the
  organisation
• protective markings being devalued or ignored by personnel and receiving parties.
Consider the aggregated value of the information
Where multiple pieces of official information are stored together,
the overall value of this collective (aggregated) material should be
considered. This may include storing multiple protectively marked
records in a single file, or the storage of protectively marked material in
a folder on a shared network drive or USB.
The risks associated with this aggregated information may be higher
than any single instance or individual record, and may result in
additional security controls being needed to protect the combined
information assets.
Organisations should consider the aggregated value of their
information when selecting equipment, systems, facilities or services
for the protection of this information.
Part 3 – State versus Commonwealth scheme
Different regulatory arrangements exist for the oversight and management of official information
across jurisdictions (i.e. State/Territory versus Commonwealth).
Under the VPDSF, Business Impact Levels (BILs) are used to assess official information. This approach
is consistent with the Commonwealth Protective Security Policy Framework (PSPF), which also employs
this method.
By adopting a consistent assessment tool, Victorian public sector organisations are positioned to
effectively share information across jurisdictions without having to undergo complex mapping
exercises.
Prior to conducting an information assessment, organisations need to first consider which scheme
they are to apply. Ask yourself: does this information have the potential to affect national interest2?
A visual representation of this consideration is provided in Figure 2, along with a brief description of
the two complementary schemes (VPDSF and PSPF).
State vs Commonwealth scheme
[Figure: decision flow. Does the information have the potential to affect national interest? NO: refer to
the Victorian Protective Data Security Framework (VPDSF), June 2016. YES: refer to the Protective
Security Policy Framework (PSPF), Protective security governance guidelines – Business impact levels,
Version 2.1, approved November 2014, amended April 2015.]
Figure 2 – Does the information have the potential to affect National Interest?
VPDSF (State) vs. PSPF (Commonwealth) BILs
State
The VPDSF BIL table has been developed to provide a basis for Victorian
public sector organisations to assess official information that has the potential
to affect State Government operations or interests, entities and persons within
Victoria.
The full VPDSF BIL table, contained in Appendix B, provides organisations with standardised impact
categories and consequence levels to use when assessing official information.
2 Refer to VPDSF Glossary of Protective Data Security Terms for National interest definition
Commonwealth
A limited number of Victorian organisations will create, use or receive
information that could impact on Australia’s national interest.
Where information is assessed as having the potential to impact national
interest, organisations are to adhere to the requirements set out in the PSPF
(Protective security governance guidelines – Business Impact Levels) for this
material.
The PSPF provides its own BIL table with its own set of definitions, consequences and impact
categories. For more information on the PSPF, refer to the PSPF website at www.protectivesecurity.gov.au
Part 4 – Business Impact Levels (BILs)
In order to undertake the information assessment process, organisations are to use valuation criteria
called Business Impact Levels (BILs) to determine the value of official information.
What are Business Impact Levels (BILs)?
BILs are numerical measures of scaled consequences, identifying the potential impact arising from
a compromise to the confidentiality, integrity or availability of official information.
A sample representation of the VPDSF BIL table is provided below.
IMPACT CATEGORY: Main impact category listed here…
SUB IMPACT CATEGORY: Sub impact category listed here
Impact Levels:
NEGLIGIBLE (0): BIL 0 impact descriptor listed here
LOW–MEDIUM (1): BIL 1 impact descriptor listed here
HIGH (2): BIL 2 impact descriptor listed here
VERY HIGH (3): BIL 3 impact descriptor listed here
EXTREME (4): BIL 4 impact descriptor listed here
CONSEQUENCES:
NEGLIGIBLE (0): BIL 0 standardised consequence statement
LOW–MEDIUM (1): BIL 1 standardised consequence statement
HIGH (2): BIL 2 standardised consequence statement
VERY HIGH (3): BIL 3 standardised consequence statement
EXTREME (4): BIL 4 standardised consequence statement
Why use BILs?
BILs help organisations assess and communicate the consequence(s) of particular information impacts
with linked agencies, business partners, external parties and providers.
By assessing official information in a standardised manner, Victorian public sector organisations are
able to consider and collaboratively manage information risks and provide a solid foundation for
secure information sharing practices.
The ability to share information using commonly understood terms allows for informed negotiation
between organisations over the risk controls or mitigations that should be employed.
Throughout the information lifecycle, organisations are to use the impact criteria in the BILs table
to assess official information.
What is the VPDSF BIL table?
The VPDSF BIL table (Appendix B) provides:
• five scaled impact levels (starting at zero and scaling through to a maximum of four)
• impact categories (grouped ‘like’ impact types listed down the table)
• consequence statements across each of the levels.
Part 5 – How to read the BIL table
Impact levels
An impact level refers to the severity of the potential consequences and the degree to which a
compromise to the official information is likely to cause harm or render damage. As potential
consequences increase in severity, the impact levels rise.
NEGLIGIBLE
LOW – MEDIUM
HIGH
VERY HIGH
EXTREME
Impact categories
In the VPDSF BIL table, consequences bearing ‘like attributes’ are grouped into ‘impact categories’.
Examples of impact categories include:
Economy & Finance
Legal & Regulatory
Personal
Public Services
Public Order, Public Safety & Law Enforcement
Consequences
The VPDSF BIL table presents standardised consequence statements for State Government operations
or interests, entities and persons within Victoria.
These consequences include examples of adverse effects or results if official information were
compromised or lost.
Part 6 – Contextualising the VPDSF BIL table for your organisation
Victorian public sector organisations are expected to use the VPDSF BIL table (Appendix B) to assess
the impacts resulting from a compromise to the confidentiality, integrity and availability of official
information.
The VPDSF BIL table does not require adjustment, as pre-defined consequence statements and
impact levels provide a standardised model for Victorian public sector organisations to utilise.
The fixed nature of these statements is critical to ensuring organisations use consistent valuation
criteria when assessing official information, and in turn, communicating its sensitivities3 and
significance4 in a standardised manner.
Rather, Victorian organisations are required to consider the standardised consequence statements
in the context of their specific operating requirements. This may be based on their functions, size,
resources or information assets.
By doing so, the BILs can assist organisations to properly identify the true impacts and implications
for their business, should a compromise to the confidentiality, integrity or availability of official
information occur.
External parties with access (direct or indirect) to official information should also refer to the VPDSF
BIL table of the engaging Victorian public sector organisation, to ensure consistency when conducting
an information assessment.
Example 1 – Economy and Finance impact category
Impact category of ‘Economy and Finance’ and sub impact category of ‘Organisation’s operating
budget’ (extract from Appendix B – VPDSF Business Impact Level (BIL) Table):
IMPACT CATEGORY: ECONOMY AND FINANCE
SUB IMPACT CATEGORY: Organisation’s operating budget (impact on public finances)
Impact Levels:
NEGLIGIBLE (0): Compromise of the information could be expected to cause insignificant harm/damage
to government operations, organisations and individuals
LOW–MEDIUM (1): Compromise of the information could be expected to cause limited harm/damage to
government operations, organisations and individuals
HIGH (2): Compromise of the information could be expected to cause major harm/damage to
government operations, organisations and individuals
VERY HIGH (3): Compromise of the information could be expected to cause significant harm/damage to
government operations, organisations and individuals
EXTREME (4): Compromise of the information could be expected to cause serious harm/damage to
government operations, organisations and individuals
CONSEQUENCES (public finances):
NEGLIGIBLE (0): Resulting in insignificant loss of < 1% of organisation’s annual operating budget
LOW–MEDIUM (1): Resulting in limited loss of > 1% – 10% of organisation’s annual operating budget
HIGH (2): Resulting in major loss of > 10% – 15% of organisation’s annual operating budget
VERY HIGH (3): Resulting in significant loss of > 15% – 20% of organisation’s annual operating budget
EXTREME (4): Resulting in serious loss of ≥ 20% of organisation’s annual operating budget
CONSEQUENCES (non-public finances):
NEGLIGIBLE (0): None
LOW–MEDIUM (1): Resulting in limited financial hardship to an individual or business
HIGH (2): Resulting in major financial hardship to an individual or business
VERY HIGH (3): Resulting in significant financial hardship to an individual or business
EXTREME (4): Resulting in serious financial hardship to an individual or business
The VPDSF BIL table presents standardised financial consequence statements, scaling from
‘insignificant’ through to ‘serious’ loss. Each descriptor is accompanied by a percentage (%),
quantifying scaled business impacts for a loss to the organisation’s annual operating budget.
A certain percentage loss will have different implications for different organisations – i.e. losing
> 1% – 10% of a small organisation’s annual operating budget would have a very different effect to
that of a larger organisation which may be able to absorb the impact better.
3 Refer to VPDSF Glossary of Protective Data Security Terms for sensitivity definition
4 Refer to VPDSF Glossary of Protective Data Security Terms for significance definition
In order for an organisation to consider the standardised consequences in the context of their specific operating requirements, they need to first consider their overall operating budget.
For example, the operating budget of agency X is $4,000,000. Using the VPDSF BIL table, agency X would interchange the VPDSF BIL percentages with their commensurate financial amount for that impact level, drawn from the organisation’s annual operating budget.
The below statements have been contextualised, based on agency X’s $4,000,000 annual operating budget:
• Resulting in an insignificant loss of less than $40,000 of the organisation’s annual operating budget
• Resulting in a limited loss of $40,000 – $400,000 of the organisation’s annual operating budget
• Resulting in a major loss of $400,000 – $600,000 of the organisation’s annual operating budget
• Resulting in a significant loss of $600,000 – $800,000 of the organisation’s annual operating budget
• Resulting in a serious loss of more than $800,000 of the organisation’s annual operating budget
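The contextualisation above, as an added example (not code from the VPDSF guide): the percentage bands of the ‘Organisation’s operating budget’ sub impact category are turned into dollar bands for any annual operating budget, and a given loss is mapped back to its BIL. The $4,000,000 input is agency X’s figure from the text; treating exactly 1% as ‘limited’ is an assumption, since the table prints ‘< 1%’ and ‘> 1%’.

```python
"""Contextualising the VPDSF 'Economy and Finance' BIL percentages.

Added example; not code from the VPDSF guide. Turns the percentage bands of the
'Organisation's operating budget' sub impact category into dollar bands for a
given annual operating budget, and maps a dollar loss back to a BIL (0-4).
"""
from dataclasses import dataclass
from typing import Optional

# (BIL, impact level, descriptor, lower bound %, upper bound %) as printed in
# the BIL table: <1%, >1%-10%, >10%-15%, >15%-20%, >=20%.
BIL_BANDS = (
    (0, "NEGLIGIBLE", "insignificant", 0, 1),
    (1, "LOW–MEDIUM", "limited", 1, 10),
    (2, "HIGH", "major", 10, 15),
    (3, "VERY HIGH", "significant", 15, 20),
    (4, "EXTREME", "serious", 20, None),
)


@dataclass(frozen=True)
class DollarBand:
    bil: int
    level: str
    descriptor: str
    lower: int            # dollars, inclusive (assumption: exactly 1% is 'limited')
    upper: Optional[int]  # dollars, exclusive; None means open-ended


def contextualise(annual_budget: int) -> list[DollarBand]:
    """Return the five dollar bands for an organisation's annual budget."""
    if annual_budget <= 0:
        raise ValueError("annual operating budget must be positive")
    bands = []
    for bil, level, desc, lo_pct, hi_pct in BIL_BANDS:
        lower = annual_budget * lo_pct // 100
        upper = None if hi_pct is None else annual_budget * hi_pct // 100
        bands.append(DollarBand(bil, level, desc, lower, upper))
    return bands


def loss_to_bil(annual_budget: int, loss: int) -> int:
    """Map a dollar loss to its BIL using integer arithmetic (no float drift)."""
    if annual_budget <= 0 or loss < 0:
        raise ValueError("budget must be positive and loss non-negative")
    for bil, _, _, lo_pct, _ in reversed(BIL_BANDS):  # highest band first
        if loss * 100 >= annual_budget * lo_pct:
            return bil
    return 0


def consequence_statement(band: DollarBand) -> str:
    """Render a band the way the guide's contextualised statements read."""
    if band.upper is None:
        amount = f"more than ${band.lower:,}"
    elif band.bil == 0:
        amount = f"less than ${band.upper:,}"
    else:
        amount = f"${band.lower:,} – ${band.upper:,}"
    article = "an" if band.descriptor[0] in "aeiou" else "a"
    return (f"Resulting in {article} {band.descriptor} loss of {amount} of the "
            "organisation's annual operating budget")


if __name__ == "__main__":
    # Constructed input matching the guide's agency X example ($4,000,000).
    for band in contextualise(4_000_000):
        print(f"BIL {band.bil} {band.level}: {consequence_statement(band)}")
    print("Loss of $500,000 -> BIL", loss_to_bil(4_000_000, 500_000))
```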
Example 2 – Legal and Regulatory impact category
Impact category of ‘Legal and Regulatory’ and sub impact category of ‘Legal/Compliance’: Appendix B – VPDSF Business Impact Level (BIL) Table

IMPACT CATEGORY: LEGAL AND REGULATORY

Impact Levels
NEGLIGIBLE (0): Compromise of the information could be expected to cause insignificant harm/damage to government operations, organisations and individuals
LOW–MEDIUM (1): Compromise of the information could be expected to cause limited harm/damage to government operations, organisations and individuals
HIGH (2): Compromise of the information could be expected to cause major harm/damage to government operations, organisations and individuals
VERY HIGH (3): Compromise of the information could be expected to cause significant harm/damage to government operations, organisations and individuals
EXTREME (4): Compromise of the information could be expected to cause serious harm/damage to government operations, organisations and individuals

SUB IMPACT CATEGORY: Legal/compliance (including applicable legislation and agreements or contracts). E.g. non-compliance with legislation, commercial confidentiality and legal privilege
CONSEQUENCES
NEGLIGIBLE (0): No compliance issue or breach
LOW–MEDIUM (1): Resulting in limited:
• legal issues
• non-compliance with contracts or agreements
• failure of statutory duty
• breaches
• misconduct investigation managed internally
HIGH (2): Resulting in major:
• legal issues
• non-compliance with contracts or agreements
• failure of statutory duty
• breaches
• misconduct investigation managed either internally or externally
VERY HIGH (3): Resulting in significant:
• legal issues
• non-compliance with contracts or agreements
• failure of statutory duty
• breaches
• misconduct investigation managed either internally or externally
EXTREME (4): Resulting in serious:
• legal issues
• non-compliance with contracts or agreements
• failure of statutory duty
• breaches
• misconduct investigation managed either internally or externally
The VPDSF BIL table presents standardised legal and regulatory consequence statements, scaling from ‘insignificant’ through to ‘serious’.
Under the Legal/Compliance sub impact category, the consequence statements represent standardised legal or compliance business impacts that may result from a compromise to the confidentiality, integrity and availability of official information. These consequences could include non-compliance with legislation, commercial confidentiality and legal professional privilege.
The complex legal and regulatory landscape in which Victorian organisations operate means they are required to observe a range of compliance requirements. These requirements will differ from organisation to organisation (e.g. ‘small and simple’ to ‘large and complex’), and are significantly influenced by the requirements of the legislation they administer.
In order for an organisation to understand how to apply the standardised consequences from the VPDSF BIL table, they first need to consider the legal and regulatory environment in which they operate.
For example, compliance obligations for a single entity may include:
• Public Administration Act (2004)
• Public Records Act (1973)
• Financial Management Act (1994)
• Privacy and Data Protection Act (2014)
• Freedom of Information Act (1982)
• Local operating agreements, arrangements or contracts
Understanding these obligations helps an organisation to contextualise the consequence statements and define ‘insignificant, limited, major, significant and serious’ impacts in relation to their own operating environment.
Part 7 – Working examples
The following section sets out two working examples where organisations conduct an information
assessment using the VPDSF BIL table to determine the overall value of official information.
These are only sample representations of how to conduct an information assessment.
Organisations should consider the legislative and regulatory environment in which they operate as this
may also influence the assessment of any official information, and subsequent application of security
measures needed to protect this material.
EXAMPLE 1 – COMMISSIONER FOR PRIVACY AND DATA PROTECTION (CPDP)
The Commissioner for Privacy and Data Protection (CPDP) conducts a security review on a potential breach of official information from a government agency.
The team create a file note summarising the breach and need to determine:
1. If the information requires a protective marking, and
2. Whether any additional security measures are required to further protect this information, beyond those established by the protective marking.
Information assessment process
The team conducts an initial assessment to consider what the potential impacts would be if the confidentiality of the information were compromised. This assessment will help determine the relevant impact level for this stage.
[Figure: C / I / A indicator – Confidentiality, Integrity, Availability]
After assessing each of the consequence statements in the BIL table, multiple outcomes are identified.
These outcomes determined that the information must remain confidential, as unauthorised access could be expected to cause major harm/damage to government operations, organisations and individuals.
Potential consequences included major:
• legal and compliance implications (non-compliance with secrecy provisions in legislation)
• harm to an individual’s safety or liberty resulting in compromise of person
• reputational damage, including generating broad public concern, mainstream media reports and negative publicity
• damage to crime fighting including impeding the investigation of an indictable offence
Confidentiality result:
Using this example, a compromise to the confidentiality of the official information was assessed as a business impact level of 2. Confidentiality consequences at this level correspond with a security classification of ‘PROTECTED’. Depending on the content, the information may also require Dissemination Limiting Markers (DLMs) [5].
[Figure: C / I / A indicator – Confidentiality, Integrity, Availability]
The team then conducts a secondary, layered assessment of the same information to consider what potential impacts could occur if the integrity or availability of the material was compromised. This secondary assessment will help determine the relevant impact level for this stage.
After assessing each of the consequence statements in the BIL table, limited outcomes were identified. These outcomes were based on the need for the team to readily access accurate information.
Potential consequences included limited:
• damage to an organisation’s assets
• degradation or cessation of non-critical (essential or important) business operations, systems or services, to an extent that while the organisation can perform its primary functions, the efficiency and effectiveness of the functions is noticeably reduced or impeded.
Integrity and Availability result:
In this example the secondary, layered assessment for integrity and availability identified an impact level of BIL 1.
As this BIL is lower than the level identified under the initial ‘confidentiality’ assessment, additional security measures do not need to be considered in this instance.
Security controls that accompany a security classification of PROTECTED should be employed to secure this official information.
Note: The secondary assessment does not alter the protective marking.

[5] Refer to Chapter 2 of this security guide for more information on Dissemination Limiting Markers (DLMs) and the legislative basis for particular markings
EXAMPLE 1 – OVERALL VALUE
In this working example, the overall value of the information was determined to be a BIL of 2.
This is based on the selection of the highest overall BIL from both stages of the assessment (confidentiality, integrity and availability):
• confidentiality assessed at a BIL of 2
• integrity and availability assessed at a BIL of 1
This means that the information requires a security classification of PROTECTED, with accompanying information, personnel, ICT and physical security controls being needed to protect the material.
The team also needs to be mindful of any legislative obligations surrounding the information, and the application of Dissemination Limiting Markers (DLMs) [6] to signify this.
EXAMPLE 2 – COUNTRY FIRE AUTHORITY (CFA)
The Country Fire Authority (CFA) regularly publishes important information on its website notifying members of the community about fire warnings, incidents and planned burns.
The CFA team are looking to publish updated material about a fire warning on their website; however, prior to doing this they need to determine:
1. If the information requires a protective marking, and
2. Whether any additional security measures are required to further protect this information, beyond those established by the protective marking.
Information assessment process
The team conduct an initial assessment to consider what the potential impacts would be if the confidentiality of the information were compromised. This assessment will help determine the relevant impact level for this stage.
[Figure: C / I / A indicator – Confidentiality, Integrity, Availability]
After assessing each of the consequence statements in the BIL table, limited outcomes were determined.
These potential consequences identified that unauthorised release of the material could be expected to cause insignificant harm/damage to government operations, organisations and individuals, resulting in a BIL of 0.

[6] Refer to Chapter 2 (Protective Markings) of this document for further information
Confidentiality result:
Additional considerations include:
• authorising environment of the agency, which had approved the content for public release (authorisation)
• the information was initially created/designed for members of the public to consume (purpose), and
• the agency (CFA) needs to ensure all persons (public and VPS) have unrestricted access to the information presented on their corporate website (intent)
In this example, a compromise to the confidentiality of the official information was assessed as a BIL of 0.
Confidentiality consequences at this level do not require a security classification. Information assessed at this level is considered ‘Unclassified’ and may be suitable as Public Domain if authorised by the CFA for unlimited public release.
[Figure: C / I / A indicator – Confidentiality, Integrity, Availability]
The team then conduct a secondary, layered assessment to consider what potential impacts could occur if the integrity or availability of the same information was compromised. This assessment will help determine the relevant impact level for this stage.
After assessing each of the consequence statements in the BIL table, multiple outcomes were identified. These outcomes took into account the need for individuals to readily access up-to-date and accurate information from the CFA website.
Potential consequences included major:
• compromise of individuals’ personal safety and wellbeing if incorrect or out-dated information were provided on the CFA website during an emergency period (integrity concerns)
• unrest or instability across the public sector and/or broader community if people consume altered or falsified information from the CFA website (integrity concerns)
• members of the public unable to access critical fire warnings or incident information from the website during an emergency period, leading to the compromise of individuals’ personal safety and wellbeing (availability concerns)
• lack of capacity to operate and deliver essential and/or emergency services, etc. (availability concerns)
• reputational damage to the agency (CFA) if the corporate website is unavailable (availability concerns)
Integrity and Availability result:
In this example the secondary, layered assessment for integrity and availability identified a BIL of 2.
As this BIL is higher than the BIL identified in the initial ‘confidentiality’ assessment, additional security measures need to be considered by the CFA to protect the information on their website.
These heightened security measures need to be considered as the controls for UNCLASSIFIED material do not offer suitable security for the heightened integrity and availability needs associated with the information.
Note: The secondary assessment does not alter the protective marking.
EXAMPLE 2 – OVERALL VALUE
In this working example, the overall value of the information was determined to be a BIL of 2. This is based on a selection of the highest overall BIL from an assessment of the confidentiality, integrity and availability of the material:
• confidentiality assessed at a BIL of Zero (0)
• integrity and availability assessed at a BIL of 2.
This means that the information does not require a protective marking as it has been assessed as Unclassified.
As the information has no confidentiality restrictions, the publishing team at CFA may seek internal authorisation to publicly release this content (i.e. suitable for the Public Domain) on their corporate website. They would also then work with their security team to input appropriate controls to ensure the continued integrity and availability of this content when published on the website.
This example highlights that a layered assessment is valuable in helping identify where additional security measures (ICT, personnel and physical security controls) may be required to further protect the information. These security measures are beyond those identified by the protective marking of the information.
Part 8 – Continuous information assessment
Organisations should consciously consider the lifecycle of official information and the effect that this may have on any initial value assessments. This may be due to changes to:
• the importance of the information
• age of the information
• currency of the information
• amount of information contained in a particular information asset (i.e. if content is added to or removed, the overall value of the information may change)
• aggregation of information (e.g. when data is combined with other data sets)
• information owners and owning organisations (e.g. internal organisational restructures or machinery of government activities)
• information usage (e.g. the purpose for the information collection, methods of use)
• internal or external circumstances that may result in a requirement to upgrade or downgrade the overall value of the information.
Chapter 1 Appendix – Understanding Information Value
Appendix A – Visual representation of the information assessment process
[Figure: flowchart of the information assessment process; the text of each stage is reproduced below]

INFORMATION ASSESSMENT PROCESS

STAGE 1 – IDENTIFY OFFICIAL INFORMATION / CONSIDER IMPACTS
START: Identify official information.
Using the VPDSF BIL table [7], assess the potential consequences resulting from a compromise to the confidentiality, integrity and/or availability of the information (C – Confidentiality, I – Integrity, A – Availability).
Identify the highest consequences from the VPDSF BIL table, selecting the impact levels relating to a compromise of the confidentiality, integrity and availability of the information.

STAGE 2 – DETERMINE IF THE INFORMATION REQUIRES A PROTECTIVE MARKING
Security Classification | Dissemination Limiting Marker (DLM) | Caveats
Compromise to confidentiality – impact level and resulting protective marking:
NEGLIGIBLE: UNCLASSIFIED (No DLM); PUBLIC DOMAIN (If authorised for limited public release)
LOW – MEDIUM: UNCLASSIFIED (Bearing a DLM)
HIGH: PROTECTED
VERY HIGH: CONFIDENTIAL
EXTREME: SECRET
Organisations must also consider if disclosure of this information is limited or prohibited by legislation, or where special handling is required and dissemination of the information needs to be controlled. If so, the relevant DLM will need to be applied.
Compromise to integrity & availability:
If the secondary, layered assessment arrives at a higher impact level than the one identified under the initial confidentiality assessment, additional security measures may need to be applied.
The secondary assessment (Integrity & Availability) does not adjust the outcome of the initial confidentiality assessment. The protective marking remains the same.

STAGE 3 – OVERALL VALUE
Confidentiality + Integrity & Availability = Overall value: apply security measures based on the overall value of the information.
Additional security measures can take the form of ICT, Personnel and/or Physical security controls to further protect the information from a compromise of its integrity and/or availability.

[7] Refer to Chapter 1 (Understanding Information Value), Appendix B (VPDSF BIL table) of this security guide for more information
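The three stages of the assessment process and the two working examples of Part 7, as an added example (not code from the VPDSF guide): stage 1 takes the highest confidentiality consequence and maps it to a protective marking, stage 2 takes the highest integrity/availability consequence, and the overall value is the higher of the two, with additional measures flagged only when stage 2 outranks stage 1. The impact-category labels in the sample inputs are constructed, and the assumption that BIL 3 and 4 map to CONFIDENTIAL and SECRET follows the ascending order of the classifications in Appendix A.

```python
"""The VPDSF two-stage information assessment as a small decision model.

Added example; this is not code from the VPDSF guide. Stage 1 takes the highest
confidentiality consequence and maps it to a protective marking; stage 2 takes
the highest integrity/availability consequence; the overall value is the higher
of the two, and additional measures are flagged when stage 2 exceeds stage 1.
Assumption: the markings for BIL 3 and 4 are CONFIDENTIAL and SECRET, in the
ascending order of the classifications named in Appendix A.
"""
from dataclasses import dataclass

IMPACT_LEVELS = {0: "NEGLIGIBLE", 1: "LOW–MEDIUM", 2: "HIGH",
                 3: "VERY HIGH", 4: "EXTREME"}

# Stage 2 of Appendix A: confidentiality BIL -> security classification.
# BIL 0 and 1 are both UNCLASSIFIED; a BIL 1 result bears a DLM.
CLASSIFICATION_FOR_BIL = {0: "UNCLASSIFIED", 1: "UNCLASSIFIED",
                          2: "PROTECTED", 3: "CONFIDENTIAL", 4: "SECRET"}


@dataclass(frozen=True)
class Assessment:
    """Result of both stages for one information asset."""
    confidentiality_bil: int
    integrity_availability_bil: int
    # True when legislation limits/prohibits disclosure or special handling
    # applies, so a DLM must be applied whatever the BIL.
    disclosure_limited_by_law: bool = False

    def __post_init__(self) -> None:
        for bil in (self.confidentiality_bil, self.integrity_availability_bil):
            if bil not in IMPACT_LEVELS:
                raise ValueError(f"BIL must be 0-4, got {bil!r}")

    @property
    def classification(self) -> str:
        return CLASSIFICATION_FOR_BIL[self.confidentiality_bil]

    @property
    def bears_dlm(self) -> bool:
        # A LOW–MEDIUM confidentiality result is UNCLASSIFIED bearing a DLM;
        # other results carry one only when the law requires it.
        return self.confidentiality_bil == 1 or self.disclosure_limited_by_law

    @property
    def protective_marking(self) -> str:
        return self.classification + (" (bearing a DLM)" if self.bears_dlm else "")

    @property
    def overall_bil(self) -> int:
        # Stage 3: the higher of the two stages sets the overall value.
        return max(self.confidentiality_bil, self.integrity_availability_bil)

    @property
    def additional_measures_required(self) -> bool:
        # The secondary assessment never changes the marking; it only adds
        # ICT, personnel or physical controls when it outranks stage 1.
        return self.integrity_availability_bil > self.confidentiality_bil


def highest_bil(consequences: dict[str, int]) -> int:
    """Pick the highest impact level among the consequences identified."""
    if not consequences:
        return 0
    return max(consequences.values())


def assess(confidentiality: dict[str, int],
           integrity_availability: dict[str, int],
           disclosure_limited_by_law: bool = False) -> Assessment:
    """Run stage 1 (confidentiality), then stage 2 (integrity/availability)."""
    return Assessment(highest_bil(confidentiality),
                      highest_bil(integrity_availability),
                      disclosure_limited_by_law)


if __name__ == "__main__":
    # Constructed inputs mirroring the guide's two working examples.
    cpdp = assess({"legal and compliance": 2, "personal safety": 2,
                   "reputation": 2, "crime fighting": 2},
                  {"organisation's assets": 1, "service delivery": 1})
    cfa = assess({"reputation": 0},
                 {"personal safety": 2, "community unrest": 2,
                  "service delivery": 2, "emergency services": 2,
                  "reputation": 2})
    for name, a in (("CPDP file note", cpdp), ("CFA fire warning", cfa)):
        print(f"{name}: marking={a.protective_marking}, "
              f"overall BIL={a.overall_bil}, "
              f"additional measures={a.additional_measures_required}")
```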
Appendix B – VPDSF Business Impact Level (BIL) Table

Impact Levels (common to every impact category in this appendix)
NEGLIGIBLE (0): Compromise of the information could be expected to cause insignificant harm/damage to government operations, organisations and individuals
LOW–MEDIUM (1): Compromise of the information could be expected to cause limited harm/damage to government operations, organisations and individuals
HIGH (2): Compromise of the information could be expected to cause major harm/damage to government operations, organisations and individuals
VERY HIGH (3): Compromise of the information could be expected to cause significant harm/damage to government operations, organisations and individuals
EXTREME (4): Compromise of the information could be expected to cause serious harm/damage to government operations, organisations and individuals

IMPACT CATEGORY: ECONOMY AND FINANCE

SUB IMPACT CATEGORY: Organisation’s operating budget (impact on public finances)
CONSEQUENCES
NEGLIGIBLE (0): Resulting in insignificant loss of < 1% of organisation’s annual operating budget
LOW–MEDIUM (1): Resulting in limited loss of > 1% – 10% of organisation’s annual operating budget
HIGH (2): Resulting in major loss of > 10% – 15% of organisation’s annual operating budget
VERY HIGH (3): Resulting in significant loss of > 15% – 20% of organisation’s annual operating budget
EXTREME (4): Resulting in serious loss of ≥ 20% of organisation’s annual operating budget

SUB IMPACT CATEGORY: Non-public finances
CONSEQUENCES
NEGLIGIBLE (0): None
LOW–MEDIUM (1): Resulting in limited financial hardship to an individual or business
HIGH (2): Resulting in major financial hardship to an individual or business
VERY HIGH (3): Resulting in significant financial hardship to an individual or business
EXTREME (4): Resulting in serious financial hardship to an individual or business
Appendix B (continued) – VPDSF Business Impact Level (BIL) Table

IMPACT CATEGORY: LEGAL AND REGULATORY

SUB IMPACT CATEGORY: Legal/compliance (including applicable legislation and agreements or contracts). E.g. non-compliance with legislation, commercial confidentiality and legal privilege
CONSEQUENCES
NEGLIGIBLE (0): No compliance issue or breach
LOW–MEDIUM (1): Resulting in limited:
• legal issues
• non-compliance with contracts or agreements
• failure of statutory duty
• breaches
• misconduct investigation managed internally
HIGH (2): Resulting in major:
• legal issues
• non-compliance with contracts or agreements
• failure of statutory duty
• breaches
• misconduct investigation managed either internally or externally
VERY HIGH (3): Resulting in significant:
• legal issues
• non-compliance with contracts or agreements
• failure of statutory duty
• breaches
• misconduct investigation managed either internally or externally
EXTREME (4): Resulting in serious:
• legal issues
• non-compliance with contracts or agreements
• failure of statutory duty
• breaches
• misconduct investigation managed either internally or externally
Appendix B (continued) – VPDSF Business Impact Level (BIL) Table

IMPACT CATEGORY: PERSONAL

SUB IMPACT CATEGORY: Injury (impact on personal safety, distress, embarrassment, identity, etc.)
CONSEQUENCES
NEGLIGIBLE (0): Resulting in insignificant harm to individual’s safety or liberty
LOW–MEDIUM (1): Resulting in limited harm to individual’s safety or liberty involving:
• compromise of person
• distress/embarrassment
• injury (non life threatening)
HIGH (2): Resulting in major harm to individual’s safety or liberty involving:
• compromise of person
• distress/embarrassment of high profile person
• irreversible or life threatening injury
• direct threat to life/loss of life/fatality
VERY HIGH (3): Resulting in significant harm to individual’s safety or liberty involving:
• significant harm – loss of life/fatality involving a high profile individual(s), or mass gatherings of individuals
(‘High profile’ – i.e. VIPs, undercover identities, Ministers etc. ‘Mass gatherings’ – i.e. major events, religious congregations/assemblies, forums, seminars)
EXTREME (4): Resulting in serious harm – loss of life/fatality:
• widespread loss of life within Victoria
• of a high profile individual engaged in critical activities affecting the operation of Victoria
(‘High profile’ – i.e. VIPs, undercover identities, Ministers etc.)
Appendix B (continued) – VPDSF Business Impact Level (BIL) Table

IMPACT CATEGORY: PUBLIC SERVICES

SUB IMPACT CATEGORY: Reputation, confidence and utilisation of services (impact on party’s standing or reputation including confidence in government)
CONSEQUENCES
NEGLIGIBLE (0): Resulting in insignificant:
• (no) public concern
• attention from a stakeholder with no publicity
• routine internal reporting
LOW–MEDIUM (1): Resulting in limited:
• reputational damage
• embarrassment
• dissatisfaction from public
• loss of confidence in internal business unit/group
• localised media interest/negative publicity
• specific internal reporting
• staff/executive suspensions
HIGH (2): Resulting in major:
• reputational damage
• broad public concern
• loss of public confidence and trust in organisation
• mainstream media reports/negative publicity
• external inquiry e.g. inquest, Parliamentary inquiry or Royal Commission
VERY HIGH (3): Resulting in significant:
• reputational damage
• broad public concern
• loss of public confidence and trust in organisation
• mainstream media reports/negative publicity
• external inquiry e.g. inquest, Parliamentary inquiry or Royal Commission
• intervention of CEO/Secretary
EXTREME (4): Resulting in serious:
• reputational damage
• broad public concern
• loss of public confidence and trust in organisation
• mainstream media reports/negative publicity
• external inquiry e.g. inquest, Parliamentary inquiry or Royal Commission
• intervention of CEO/Secretary
Appendix B (continued) – VPDSF Business Impact Level (BIL) Table

IMPACT CATEGORY: PUBLIC SERVICES (CONTINUED…)

SUB IMPACT CATEGORY: Reputation, confidence and utilisation of services (continued…)
CONSEQUENCES
LOW–MEDIUM (1): Resulting in limited (continued):
• new internal oversight measures
HIGH (2): Resulting in major (continued):
• intervention of CEO/Secretary
• new external oversight measures
• political resignations
• staff/executive terminations
• persistent questions in Parliament
VERY HIGH (3): Resulting in significant (continued):
• new external oversight measures
• political resignations
• staff/executive terminations
• persistent questions in Parliament
EXTREME (4): Resulting in serious (continued):
• new external oversight measures
• political resignations
• staff/executive terminations
• persistent questions in Parliament

SUB IMPACT CATEGORY: Impact on companies operating in Victoria
CONSEQUENCES
NEGLIGIBLE (0): None
LOW–MEDIUM (1): Resulting in limited damage to the financial viability of, or disadvantaging, a Victorian operated company
HIGH (2): Resulting in major damage to the financial viability of, or disadvantaging, Victorian operated company(ies)
VERY HIGH (3): Resulting in significant damage to the financial viability of, or disadvantaging, Victorian operated company(ies)
EXTREME (4): Resulting in serious damage to the financial viability of, or disadvantaging, Victorian operated company(ies)
Appendix B (continued) – VPDSF Business Impact Level (BIL) Table

IMPACT CATEGORY: PUBLIC SERVICES (CONTINUED…)

SUB IMPACT CATEGORY: Service delivery (impact on capacity to operate, deliver services or programs, cause inconvenience or inability to consume public service)
CONSEQUENCES
NEGLIGIBLE (0): Resulting in no or insignificant threat to, or disruption of business operations, systems or service delivery
LOW–MEDIUM (1): Resulting in limited degradation or cessation of non-critical (essential or important) business operations, systems or services, to an extent that while the organisation can perform its primary functions, the efficiency and effectiveness of the functions is noticeably reduced or impeded
HIGH (2): Resulting in major degradation or cessation of critical (essential or important) business operations, systems or services, to an extent that the organisation cannot perform one or more of its primary functions, impeding operations
VERY HIGH (3): Resulting in significant degradation or cessation of critical (essential or important) business operations, systems or services, to an extent that the organisation cannot perform one or more of its primary functions, impeding operations
EXTREME (4): Resulting in serious degradation or cessation of critical (essential or important) business operations, systems or services, to an extent that the organisation cannot perform one or more of its primary functions, impeding operations

SUB IMPACT CATEGORY: Impact on an organisation’s material or physical assets (beyond financial impact)
CONSEQUENCES
NEGLIGIBLE (0): Resulting in insignificant damage to an organisation’s assets
LOW–MEDIUM (1): Resulting in limited damage to an organisation’s assets
HIGH (2): Resulting in major damage to an organisation’s assets
VERY HIGH (3): Resulting in significant damage to an organisation’s assets
EXTREME (4): Resulting in serious damage to an organisation’s assets
Appendix B (continued) – VPDSF Business Impact Level (BIL) Table

IMPACT CATEGORY: PUBLIC SERVICES (CONTINUED…)

SUB IMPACT CATEGORY: Relationships with other governments (including Commonwealth, state or territory, or international)
CONSEQUENCES
NEGLIGIBLE (0): Resulting in no damage to relations between the Victorian Government and other governments
LOW–MEDIUM (1): Resulting in limited damage to relations between the Victorian Government and other governments
HIGH (2): Resulting in major damage to relations between the Victorian Government and other governments
VERY HIGH (3): Resulting in significant damage to relations between the Victorian Government and other governments
EXTREME (4): Resulting in serious damage to relations between the Victorian Government and other governments
CONSEQUENCES
Provision of
emergency services
SUB IMPACT CATEGORY
IMPACT CATEGORY
0
None
Compromise of the
information could
be expected to
cause insignificant
harm/damage to
government operations,
organisations and
individuals
NEGLIGIBLE
1
Resulting in limited
disruption to
emergency service
activities requiring
reprioritisation at the
local levels to meet
expected levels of
service
Compromise of the
information could
be expected to
cause limited harm/
damage government
operations,
organisations and
individuals
LOW–MEDIUM
Resulting in serious
disruption to
emergency service
activities requiring
reprioritisation at the
State or national levels
to meet expected
levels of service
4
Resulting in significant
disruption to
emergency service
activities requiring
reprioritisation at the
State or national levels
to meet expected
levels of service
EXTREME
Resulting in major
disruption to
emergency service
activities requiring
reprioritisation at the
State level to meet
expected levels of
service
3
Compromise of the
information could be
expected to cause
serious harm/damage
to government
operations,
organisations and
individuals
VERY HIGH
Compromise of the
information could be
expected to cause
significant harm/
damage to government
operations,
organisations and
individuals
2
Compromise of the
information could be
expected to cause
major harm/damage
to government
operations,
organisations and
individuals
HIGH
Impact Levels
PUBLIC ORDER, PUBLIC SAFETY AND LAW ENFORCEMENT
Appendix B – VPDSF Business Impact Level (BIL) Table
Information Security Guide
V1.0
V1.0
CONSEQUENCES
Crime fighting
SUB IMPACT CATEGORY
IMPACT CATEGORY
0
Resulting in
insignificant damage
to crime fighting
Compromise of the
information could
be expected to
cause insignificant
harm/damage to
government operations,
organisations and
individuals
NEGLIGIBLE
•
•
•
hindering the
detection of,
impeding the
investigation, or
facilitating the
commission of a
summary offence
•
•
•
facilitating the
commission of an
indictable offence
impeding the
investigation, or
hindering the
detection of,
Resulting in major
damage to crime
fighting including:
2
Resulting in limited
damage to crime
fighting including:
HIGH
Compromise of the
information could be
expected to cause
major harm/damage
to government
operations,
organisations and
individuals
1
Compromise of the
information could
be expected to
cause limited harm/
damage government
operations,
organisations and
individuals
LOW–MEDIUM
Impact Levels
3
facilitating the
commission of a
serious indictable
offence
impeding the
investigation, or
hindering the
detection of,
* indictable offences
including but not
limited to ‘organised
crime’ offences
•
•
•
Resulting in significant
damage to crime
fighting including:
Compromise of the
information could be
expected to cause
significant harm/
damage to government
operations,
organisations and
individuals
VERY HIGH
PUBLIC ORDER, PUBLIC SAFETY AND LAW ENFORCEMENT (CONTINUED…)
Appendix B – VPDSF Business Impact Level (BIL) Table
4
facilitating the
commission of a
serious indictable
offence
impeding the
investigation, or
hindering the
detection of,
* indictable offences
including but not
limited to serious
‘organised crime’
offences across
jurisdictions, terrorist
activities, etc.
•
•
•
Resulting in serious
damage to crime
fighting including:
Compromise of the
information could be
expected to cause
serious harm/damage
to government
operations,
organisations and
individuals
EXTREME
Information Security Guide
37
38
CONSEQUENCES
None
Judicial proceedings
0
SUB IMPACT CATEGORY
NEGLIGIBLE
1
collapse of
a summary
prosecution
a conviction for a
summary offence
declared ‘unsafe’
or referred for
appeal
•
•
* Unsafe commonly
known as a miscarriage
of justice
impairment to
judicial operations
overseeing
summary offences
•
Resulting in limited
damage to judicial
proceedings including:
Compromise of the
information could
be expected to
cause limited harm/
damage government
operations,
organisations and
individuals
LOW–MEDIUM
2
collapse of
an indictable
prosecution
a conviction for an
indictable offence
declared ‘unsafe’
or referred for
appeal
•
•
* Unsafe commonly
known as a miscarriage
of justice
damage to the
State judicial
system overseeing
indictable
offences
•
Resulting in major
damage to judicial
proceedings
including:
Compromise of the
information could be
expected to cause
major harm/damage
to government
operations,
organisations and
individuals
HIGH
Impact Levels
3
a conviction for a
serious indictable
offence declared
‘unsafe’ or referred
for appeal
collapse of a
serious indictable
prosecution
damage to the
judicial system
overseeing
serious indictable
offences
* Unsafe commonly
known as a miscarriage
of justice
•
•
•
Resulting in significant
damage to judicial
proceedings
including:
Compromise of the
information could be
expected to cause
significant harm/
damage to government
operations,
organisations and
individuals
VERY HIGH
PUBLIC ORDER, PUBLIC SAFETY AND LAW ENFORCEMENT (CONTINUED…)
Compromise of the
information could
be expected to
cause insignificant
harm/damage to
government operations,
organisations and
individuals
IMPACT CATEGORY
Appendix B – VPDSF Business Impact Level (BIL) Table
4
a conviction for a
serious indictable
offence declared
‘unsafe’
collapse of a
serious indictable
prosecution
damage to the
judicial system
overseeing
serious indictable
offences
* Unsafe commonly
known as a miscarriage
of justice
•
•
•
Resulting in serious
damage to judicial
proceedings
including:
Compromise of the
information could be
expected to cause
serious harm/damage
to government
operations,
organisations and
individuals
EXTREME
Information Security Guide
V1.0
V1.0
Public unrest/order
SUB IMPACT CATEGORY
IMPACT CATEGORY
0
None/No disruption to
community
Compromise of the
information could
be expected to
cause insignificant
harm/damage to
government operations,
organisations and
individuals
NEGLIGIBLE
1
2
•
•
damage to public
order
disruption to
community
•
disruption to
community
damage to public
order
Resulting in major:
Compromise of the
information could be
expected to cause
major harm/damage
to government
operations,
organisations and
individuals
HIGH
•
Resulting in limited:
Compromise of the
information could
be expected to
cause limited harm/
damage government
operations,
organisations and
individuals
LOW–MEDIUM
Impact Levels
3
damage to public
order (e.g. riots)
disruption to
community
•
•
Resulting in
significant:
Compromise of the
information could be
expected to cause
significant harm/
damage to government
operations,
organisations and
individuals
VERY HIGH
PUBLIC ORDER, PUBLIC SAFETY AND LAW ENFORCEMENT (CONTINUED…)
Appendix B – VPDSF Business Impact Level (BIL) Table
4
•
•
disruption to
community
damage to public
order (e.g. riots)
Resulting in serious:
Compromise of the
information could be
expected to cause
serious harm/damage
to government
operations,
organisations and
individuals
EXTREME
Information Security Guide
39
40
Protective Marking
SUB IMPACT CATEGORY
IMPACT CATEGORY
0
Information assessed
at this level, requires
authorisation for
unlimited public
release and
confirmed as
PUBLIC DOMAIN
UNCLASSIFIED
Compromise of the
information could
be expected to
cause insignificant
harm/damage to
government operations,
organisations and
individuals
NEGLIGIBLE
For Official Use
Only
Sensitive
(including
legislative
reference)
Sensitive: Personal
Sensitive: Legal
Sensitive: VIC
Cabinet
•
•
•
•
•
•
Sensitive: Legal
•
Sensitive: VIC
Cabinet
•
Sensitive: Personal
•
•
Sensitive: VIC
Cabinet
Sensitive: Legal
Sensitive: Personal
Sensitive
(including
legislative
reference)
Dissemination Limiting
Marker (DLM) options
at this level include
CONFIDENTIAL
Sensitive
(including
legislative
reference)
•
3
Compromise of the
information could be
expected to cause
significant harm/
damage to government
operations,
organisations and
individuals
VERY HIGH
•
Dissemination Limiting
Marker (DLM) options
at this level include:
Dissemination Limiting
Marker (DLM) options
at this level include:
•
PROTECTED
2
UNCLASSIFIED
bearing a DLM
HIGH
Compromise of the
information could be
expected to cause
major harm/damage
to government
operations,
organisations and
individuals
1
Impact Levels
Compromise of the
information could
be expected to
cause limited harm/
damage government
operations,
organisations and
individuals
LOW–MEDIUM
PROTECTIVE MARKING
Appendix B – VPDSF Business Impact Level (BIL) Table
4
•
•
•
•
Sensitive: VIC
Cabinet
Sensitive: Legal
Sensitive: Personal
Sensitive
(including
legislative
reference)
Dissemination Limiting
Marker (DLM) options
at this level include:
SECRET
Compromise of the
information could be
expected to cause
serious harm/damage
to government
operations,
organisations and
individuals
EXTREME
Information Security Guide
V1.0
V1.0
Harm refers to an impact on a person whereas damage refer to an impact on an asset
For impacts of a ‘National Interest’ refer to the Australian Government Business Impact Levels outlined in the PSPF
Protective markings only relate to confidentiality, there is no equivalent set of ‘protective markings’ for integrity or availability, however the
business impact level table should be used to determine the impact to integrity and availability of information to support the required controls to
protect the information.
•
•
•
Please note:
Appendix B – VPDSF Business Impact Level (BIL) Table
Information Security Guide
41
Chapter 2 – Protective Markings
Part 1 – Purpose
This chapter aims to assist Victorian public sector organisations in understanding:
• what information requires a protective marking
• what protective markings are
• the definitions that underpin each protective marking
• the benefits of using protective markings.
Part 2 – Introduction
What information requires a Protective Marking?
Information falls into two broad informal categories:

OFFICIAL INFORMATION – may require a protective marking
Official information means any information (including personal information) obtained, generated, received or held by or for a Victorian public sector organisation for an official purpose or supporting official activities. This includes both hard and soft copy information, regardless of media or format.
Not all official information will require a protective marking; however, other security measures may still be required to protect the integrity and availability of this material.

UNOFFICIAL INFORMATION – must not be labelled with a protective marking
In contrast, unofficial information is any information that has no relation to official activities, such as personal correspondence.
Unofficial information does not need to undergo an information assessment process and must not be labelled with a protective marking.
What are the benefits of using protective markings?
Consistent use of protective markings, coupled with the adoption of appropriate security measures,
enhances Victorian Government’s ability to conduct business in a secure and effective manner.
Protective markings act as an important visual signal to anyone using or accessing the material, as to
the minimum security obligations that accompany that official information.
Part 3 – What are protective markings?
Protective markings are security labels assigned to official information. They signify the confidentiality
requirements of official information, determined via an information assessment using the VPDSF BIL
table⁸.
Protective markings inform the minimum level of protection to be provided throughout the
information lifecycle (e.g. during the use, storage, transmission/transfer and disposal).
VPDSF Protective Markings
Under the VPDSF, the following types of protective markings are recognised:

VPDSF PROTECTIVE MARKINGS
Dissemination Limiting Markers (DLMs):
• For Official Use Only
• Sensitive: ‘XXX’ (refer relevant secrecy provisions or specific provisions within enactments)
• Sensitive: Legal
• Sensitive: Personal
• Sensitive: VIC Cabinet
Security Classifications:
• PROTECTED
• CONFIDENTIAL
• SECRET
• TOP SECRET⁹
Caveats:
• Eyes Only
• Releasable to
• Special handling
• Accountable material
• Organisation specific caveats

8 Organisations should refer to Chapter 1 (Understanding Information Value) of this security guide, which provides instructions around the information assessment process, and further guidance on determining what material requires a protective marking.
9 The security classification of TOP SECRET is not referenced as an available protective marking for use under the VPDSF. Please refer to the Commonwealth Protective Security Policy Framework (PSPF) for more information.
Part 4 – Protective markings scheme (Victoria)
Dissemination Limiting Markers (DLMs)
DLMs are protective markings that indicate to users that access to that material should be limited.
DLMs are to be used where:
• disclosure of official information is limited or prohibited by legislation
• special handling of the information is required
• dissemination of the information needs to be controlled.¹⁰
Depending on the content, some information may require multiple DLMs. In these instances, organisations should stack each required DLM on the information. Certain DLMs can be used in conjunction with security classifications, depending on the confidentiality requirements of the information. A visual representation of the protective marking relationships is captured in Appendix C of this security guide.
Within Victorian Government, the following DLMs are used. Some of these DLMs may vary from those at the Commonwealth level¹¹.

DLM: For Official Use Only (FOUO)
BASIS FOR MARKING: To be applied to official information that requires some form of protection. Compromise of this information may cause limited harm/damage to government operations, organisations and individuals.
• ‘For Official Use Only’ must not be applied to security classified information.
• ‘For Official Use Only’ is only suitable for use on Unclassified material.

DLM: Sensitive ‘XXX’ (‘XXX’ – refer to relevant secrecy provisions or specific provisions within enactments)
BASIS FOR MARKING: To be applied to official information where secrecy provisions or enactments may apply to the content, or where disclosure of the material may be limited or prohibited under legislation. Organisations must identify the reason for the ‘Sensitive’ marking (this can be captured in a footer or on the front cover of the information) as well as any additional handling requirements resulting from the marking. ‘Sensitive’ can be used in conjunction with either security classified information or Unclassified material.

DLM: Sensitive: Legal
BASIS FOR MARKING: To be applied to information that may be subject to legal professional privilege. ‘Sensitive: Legal’ can be used in conjunction with either security classified information or Unclassified material.

10 Refer Appendix C – Relationship between Protective Markings
11 For more information on the Commonwealth protective marking scheme, refer to the Protective Security Policy Framework (PSPF) at https://www.protectivesecurity.gov.au
DLM: Sensitive: Personal
BASIS FOR MARKING: To be applied to information containing sensitive personal content. The basis for this marking under the VPDSF is drawn from the definition of ‘sensitive information’ under Schedule 1 of the Privacy and Data Protection Act (2015), which states:
Sensitive information means information or an opinion about an individual’s:
a) racial or ethnic origin; or
b) political opinions; or
c) membership of a political association; or
d) religious beliefs or affiliations; or
e) philosophical beliefs; or
f) membership of a professional or trade association; or
g) membership of a trade union; or
h) sexual preferences or practices; or
i) criminal record,
that is also personal information.
‘Sensitive: Personal’ can be used in conjunction with either security classified or unclassified information.

DLM: Sensitive: VIC Cabinet
BASIS FOR MARKING: All documents prepared for consideration by Victorian Cabinet, including those in draft, are, at a minimum, to be labelled with the DLM of ‘Sensitive: VIC Cabinet’.*
This protective marking is to be applied to all Victorian Cabinet information, including but not limited to:
• any document (including but not limited to business lists, minutes, submissions, memoranda and matters without submission) that is or has been:
  • submitted or proposed to be submitted to Victorian Cabinet, or
  • official records of Victorian Cabinet
• any other information that would reveal:
  • the deliberations or decisions of Victorian Cabinet, or
  • matters submitted, or proposed to be submitted, to Victorian Cabinet.
* All official information must be assessed on its individual merits. Some Victorian Cabinet information may require additional protective markings, in conjunction with the minimum labelling of Sensitive: VIC Cabinet¹².

12 Organisations should refer to Chapter 1 (Understanding Information Value) of this security guide for instruction on how to assess information on its individual merits.
Victorian Cabinet documentation
Information used by Victorian Cabinet to formulate policy and make decisions requires special protective security controls. This is because Cabinet material (unlike other official information) belongs to the particular government that creates it. It is integral to the process by which governments make decisions and it constitutes the record of those decisions.
A new Victorian specific DLM has now been established to reflect Victorian Cabinet requirements, and to distinguish Victorian material from Cabinet material generated at the Commonwealth level. All documents prepared for consideration by Victorian Cabinet, including those in draft, are, at a minimum, to be labelled with the DLM of ‘Sensitive: VIC Cabinet’.
Originators should still assess the contents of the document using the VPDSF BIL table to determine the value of the information and whether additional protective markings (including security classifications) are also required to further protect the information.
See the Victorian Government Cabinet Handbook for more information on this material.
Security classifications
A security classification identifies the confidentiality requirements of the information.
Information marked with a security classification has been through the information assessment process and has achieved a BIL of 2 or above¹³.
There are three security classifications used within Victorian Government. They are PROTECTED, CONFIDENTIAL and SECRET (TOP SECRET appears in the table below but is not an available protective marking under the VPDSF).
These security classifications reflect the operating requirements of Victorian Government and align with the Commonwealth Protective Security Policy Framework (PSPF) classification scheme.

13 Refer to Chapter 1 (Understanding Information Value) of this security guide for more information.
[Diagram: the protective marking scheme shown against the impact levels NEGLIGIBLE, LOW – MEDIUM, HIGH, VERY HIGH and EXTREME – PUBLIC DOMAIN (if authorised for unlimited public release), UNCLASSIFIED (no DLM), UNCLASSIFIED (bearing a DLM), PROTECTED, CONFIDENTIAL, SECRET and TOP SECRET (PSPF).]

SECURITY CLASSIFICATION: PROTECTED
BASIS FOR THE SECURITY CLASSIFICATION: The security classification of PROTECTED is used when the compromise of the confidentiality of the information could be expected to cause major harm/damage to government operations, organisations and individuals. Information marked at PROTECTED has been through the information assessment process and has achieved a BIL of 2¹⁴.

SECURITY CLASSIFICATION: CONFIDENTIAL
BASIS FOR THE SECURITY CLASSIFICATION: The security classification of CONFIDENTIAL is used when compromise of the confidentiality of the information could be expected to cause significant harm/damage to government operations, organisations and individuals. Information marked at CONFIDENTIAL has been through the information assessment process and has achieved a BIL of 3¹⁵.

SECURITY CLASSIFICATION: SECRET
BASIS FOR THE SECURITY CLASSIFICATION: The security classification of SECRET is used when the compromise of the confidentiality of the information could be expected to cause serious harm/damage to government operations, organisations and individuals. Information marked at SECRET has been through the information assessment process and has achieved a BIL of 4¹⁶.

SECURITY CLASSIFICATION: TOP SECRET
BASIS FOR THE SECURITY CLASSIFICATION: The security classification of TOP SECRET is not referenced as an available protective marking for use under the VPDSF. TOP SECRET is reserved for matters requiring the highest degree of protection and for information that has the potential to impact national interest. For more information on TOP SECRET material, refer to the Commonwealth Protective Security Policy Framework (PSPF).

14 Refer to Chapter 1 (Understanding Information Value), Appendix B (VPDSF BIL table) of this security guide for more information.
15 As above
16 As above
Unclassified information
Unclassified is not recognised as a protective marking and is not to be applied to security classified information. Under the VPDSF, there are two types of Unclassified information:
• Unclassified with a DLM (U/D), and
• Unclassified material without a DLM (U).
Unclassified/DLM (U/D) is a description given to information of which compromise to the confidentiality of the material would be expected to cause limited harm or damage.
• Unclassified material assessed at a BIL of 1 must be used in conjunction with a DLM or caveat.
• Information assessed at this level requires a DLM or caveat to be marked on the information.
Unclassified without a DLM (U) is a description given to information of which compromise to the confidentiality of the material would not be expected to cause harm or damage.
• Unclassified information has achieved a BIL of zero (0)¹⁷, but has not been approved for unlimited public release.
• Information assessed at this level may be labelled UNCLASSIFIED or left unmarked, in accordance with the organisation’s internal policies and procedures.¹⁸
Public Domain
‘Public Domain’ is not a protective marking. It is a term used to describe material that has been approved for unlimited public release, in accordance with the authorising environment of the originating organisation.
Information assessed at this level may be labelled PUBLIC DOMAIN or left unmarked, in accordance with the organisation’s internal policies and procedures.

17 As above
18 It is recommended that organisations consider applying UNCLASSIFIED to their material once it has been formally assessed, to reduce confusion with information that is yet to be assessed or protectively marked.
Non-standard markings
Protective markings outside those established under the VPDSF are considered ‘non-standard markings’. These markings are prohibited for use within Victorian public sector organisations, as the application of these markings undermines information-sharing and introduces unwarranted complexity when determining what security controls are required to protect the material at a particular level.
Caveats
Caveats indicate that official information has special requirements, in addition to those identified by a DLM or security classification, to further restrict access to the material. Caveats are used in conjunction with the appropriate DLM or security classification and are not stand-alone protective markings. Caveats cannot be applied to ‘Unclassified’ material.
Access to caveat material is only available to those who have been appropriately screened and have been briefed about the value of the particular information¹⁹.
There are three layers of caveats available:
• Commonwealth level – most commonly found on material relating to information impacting the national interest (national security)²⁰
• Whole of Victoria Government (WoVG) level – authorised caveats only (see table below)
• Organisation specific – internal application and use only
Some organisations may need to use caveats when disseminating information across Victorian Government. The following caveats have been authorised for use within Victorian Government:

VICTORIAN CAVEAT: Eyes Only (EO)
BASIS FOR THE CAVEAT: The ‘Eyes Only’ marking indicates that access to information is restricted to certain:
• Roles (e.g. Ministers),
• Entities (e.g. Independent Broad-based Anti-Corruption Commission), or
• where employees are engaged in sensitive interagency projects (e.g. highly sensitive joint projects between Victoria Police and Corrections Victoria personnel)
Any information marked ‘Eyes Only’ cannot be passed to or accessed by those who are not listed in the marking.

VICTORIAN CAVEAT: Releasable to
BASIS FOR THE CAVEAT: The caveat ‘releasable to’ identifies information that has been released or is releasable to the indicated body or group.

19 Material marked with a caveat is not subject to any policy exceptions. Prior agreement must be sought from the originator if the caveat requires alteration or removal.
20 Refer to the Commonwealth Protective Security Policy Framework (PSPF) for more information on caveats for information impacting the national interest (National Security)
VICTORIAN CAVEAT: Special handling caveat
BASIS FOR THE CAVEAT: A special-handling caveat is a collection of various indicators such as operation codewords, instructions to use particular communications channels and EXCLUSIVE FOR (named person).

VICTORIAN CAVEAT: Accountable material
BASIS FOR THE CAVEAT: If strict control over access to, and movement of, particularly sensitive information is required, originators can make this information ‘Accountable Material’. What constitutes ‘Accountable Material’ will vary from organisation to organisation, but could include Budget papers, tender documents and sensitive ministerial briefing documents. Accountable documents are subject to strict conditions including labelling, individual reference and copy numbers, warnings relating to copy restrictions, transfer, receipting and registration of the material.
Organisation specific caveats
Organisation specific caveats can only be used within the agency or body.
Official information bearing a caveat that has originated at the organisation level must be re-labelled, or appropriate procedures agreed, before release, transmission or transfer outside the originating agency or body.
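Added example (not code from the guide or the Commissioner's office): a Python helper that applies the Part 4 rules above, the BIL-to-classification mapping, DLM stacking, the restrictions on ‘For Official Use Only’ and on caveats, Public Domain authorisation, and the non-standard and legacy markings from Parts 4 and 6, to build a marking label and report every rule it breaks. The ‘ // ’ stacking separator, the placeholder secrecy provision and the organisation-specific caveat name are assumptions, as is the stricter reading that BIL 1 material needs a DLM (the guide says ‘a DLM or caveat’ but also bars caveats on Unclassified material).

```python
"""Build and check a VPDSF protective marking (added example, not the guide's code)."""
from dataclasses import dataclass, field

# Business impact level -> security classification (Chapter 2, Part 4). BIL 0 and 1
# stay Unclassified; TOP SECRET is not an available marking under the VPDSF, so a BIL
# above 4 (national-interest material) is referred to the Commonwealth PSPF instead.
CLASSIFICATION_FOR_BIL = {
    0: "UNCLASSIFIED", 1: "UNCLASSIFIED", 2: "PROTECTED", 3: "CONFIDENTIAL", 4: "SECRET",
}
# DLMs and WoVG caveats authorised for use within Victorian Government (Part 4 tables).
# 'Sensitive' stands for the legislative-basis DLM the guide writes as Sensitive 'XXX';
# the XXX (secrecy provision or enactment) is passed separately as sensitive_reason.
STANDARD_DLMS = {
    "For Official Use Only", "Sensitive", "Sensitive: Legal",
    "Sensitive: Personal", "Sensitive: VIC Cabinet",
}
STANDARD_CAVEATS = {"Eyes Only", "Releasable to", "Special handling", "Accountable material"}
# Markings from former schemes (Part 6) that need re-assessment, not relabelling.
LEGACY_MARKINGS = {"In-Confidence", "Restricted", "Highly Protected"}
SEPARATOR = " // "  # assumed separator for stacked markings; the guide prescribes none


def is_legacy_marking(marking: str) -> bool:
    """True for In-Confidence, X-In-Confidence (e.g. Cabinet-In-Confidence), Restricted
    and Highly Protected: legacy material must go back through the assessment process."""
    return marking in LEGACY_MARKINGS or marking.endswith("-In-Confidence")


@dataclass
class Marking:
    label: str
    issues: list = field(default_factory=list)

    @property
    def valid(self) -> bool:
        return not self.issues


def build_marking(bil, dlms=(), caveats=(), sensitive_reason=None,
                  public_release=False, org_caveats=()):
    """Return the stacked label for assessed information plus every rule it breaks.

    bil             BIL from the Appendix B assessment (0-4)
    dlms            DLMs to stack on the information
    caveats         caveats to stack; org_caveats names any organisation-specific ones
    public_release  the information has been authorised for unlimited public release
    """
    issues = []
    if bil not in CLASSIFICATION_FOR_BIL:
        issues.append(f"BIL {bil} has no VPDSF marking; refer to the PSPF")
        return Marking("", issues)
    classification = CLASSIFICATION_FOR_BIL[bil]
    classified = bil >= 2  # PROTECTED and above are security classified

    for dlm in dlms:
        if is_legacy_marking(dlm):
            issues.append(f"legacy marking '{dlm}' must be re-assessed under the VPDSF")
        elif dlm not in STANDARD_DLMS:
            issues.append(f"non-standard marking '{dlm}' is prohibited")
    if "For Official Use Only" in dlms and classified:
        issues.append("'For Official Use Only' must not be applied to security classified information")
    if "Sensitive" in dlms and not sensitive_reason:
        issues.append("the secrecy provision or enactment behind 'Sensitive' must be identified")
    # Assumption: the stricter reading of the BIL 1 rule (a DLM is required).
    if bil == 1 and not dlms:
        issues.append("Unclassified material assessed at BIL 1 must bear a DLM")

    for caveat in caveats:
        if caveat not in STANDARD_CAVEATS and caveat not in org_caveats:
            issues.append(f"non-standard caveat '{caveat}' is prohibited")
    if caveats and not classified:
        issues.append("caveats cannot be applied to Unclassified material")

    if public_release:
        if bil != 0:  # Appendix C: classified information must first be declassified
            issues.append("information must be declassified (BIL 0) before unlimited public release")
        else:
            return Marking("PUBLIC DOMAIN", issues)

    parts = [classification]
    for dlm in dlms:
        if dlm == "Sensitive" and sensitive_reason:
            parts.append(f"Sensitive: {sensitive_reason}")
        else:
            parts.append(dlm)
    parts.extend(caveats)
    return Marking(SEPARATOR.join(parts), issues)


if __name__ == "__main__":
    # Constructed sample: a legally privileged PROTECTED brief restricted to named roles.
    m = build_marking(2, dlms=["Sensitive: Legal"], caveats=["Eyes Only"])
    print(m.label, "OK" if m.valid else m.issues)
```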
Part 5 – Protectively marked material from another organisation
It is essential that users understand and respect the protective marking applied by the originator of the information. This includes information generated by:
• Local Council/Shire
• State or Territory agency
• Commonwealth department/agencies
• Foreign Government
• Private industry
If an organisation receives information labelled with an unfamiliar protective marking, it should contact the originator of that material, as there may be specific security obligations imposed by that marking.
Commonwealth information
The PSPF includes additional protective markings available for use by Commonwealth departments/agencies.
It is unlikely that these protective markings will be used by Victorian public sector organisations; however, on the rare occasion that this may be required, organisations should refer to the PSPF for further information²¹.
State or Territory information
Where another State or Territory has generated information and applied a protective marking, the marking and any accompanying security measures must be respected by the receiving organisation in Victoria.
Appendix D of this security guide provides an outline of the most common protective markings employed by each State and Territory.
Foreign Government information
Where security classified information is provided under a bilateral agreement, foreign government information (FGI) is to be given the equivalent protective marking. For more information, refer to the FGI instructions under the PSPF²².
Private industry
Information produced by a private sector organisation may not bear a protective marking, but it may include a commercial label (e.g. Commercial in Confidence). Recipients of this material should contact the originator of the information to help determine the appropriate protective marking (and clarify if there are any additional security conditions) for the information, once it is transferred into the custody of a Victorian public sector organisation.

21 Examples may include where a Victorian public sector organisation may be dealing with information with the potential to impact the national interest. In these instances, organisations should refer to the requirements set out in the Commonwealth Protective Security Policy Framework (PSPF) – https://www.protectivesecurity.gov.au/
22 As above
Where private industry generates information for a Victorian public sector organisation, it is to refer to the engaging organisation’s protective marking requirements.
Part 6 – Legacy classified information
Official information that has been protectively marked under a former security classification or protective marking scheme²³ is now referred to as ‘legacy’ information or ‘legacy classified information’.
Only official information that is being actively used by a Victorian public sector organisation needs to undergo an updated information assessment. This updated assessment will help organisations reclassify the information under the new protective marking scheme of the VPDSF.
Chapter 1 – Understanding Information Value of this security guide outlines the information assessment process that organisations are expected to use to determine the likely impact arising from a compromise to the confidentiality, integrity and availability of official information.
Any information that is not being actively used or has been archived does not require a re-assessment under the new protective marking scheme. This information can retain its former security classification or protective marking.
Sample legacy markings may include:
• In-Confidence or X-In-Confidence (including Cabinet-In-Confidence)
• Restricted
• Highly Protected

23 Examples include the Protective Security Manual [PSM], Whole of Victorian Government [WoVG] Security Standards
Chapter 2 Appendix – Protective Markings
Appendix C – Relationship between Protective Markings
[Diagram: how the VPDSF protective markings relate to and combine with one another. Security Classifications: PROTECTED, CONFIDENTIAL, SECRET, TOP SECRET (information must be first declassified before it can move to UNCLASSIFIED or PUBLIC DOMAIN). DLMs: For Official Use Only (FOUO), Sensitive: Personal, Sensitive: Legal, Sensitive: VIC Cabinet. DLM with a legislative basis: Sensitive ‘XXX’ (to be used where disclosure is limited or prohibited under legislation; replace ‘XXX’ with the relevant secrecy provision or enactment). CAVEATS. UNCLASSIFIED (bearing a DLM), UNCLASSIFIED (no DLM) and PUBLIC DOMAIN (if authorised for unlimited public release; PUBLIC DOMAIN only once the information is authorised for unlimited public release).]
Information Security Guide
Appendix D – Common protective markings employed by each State and Territory
[Jurisdictional protective markings reference table. Columns: JURISDICTION; CLASSIFICATIONS; DISSEMINATION LIMITING MARKERS (DLMs); OTHER MARKINGS. Rows: Commonwealth (Cmth), Victoria (VIC), New South Wales (NSW), South Australia (SA), Northern Territory (NT), Western Australia (WA), Queensland (QLD), Australian Capital Territory (ACT), Tasmania (TAS).
Classifications appearing across the jurisdictions: TOP SECRET, SECRET, CONFIDENTIAL, HIGHLY PROTECTED, PROTECTED, UNCLASSIFIED (bearing a DLM) and UNCLASSIFIED (bearing no DLM).
DLMs appearing: Sensitive, Sensitive: Legal, Sensitive: Personal, Sensitive: Cabinet (in the jurisdiction-specific forms Sensitive: VIC Cabinet, Sensitive: NSW Cabinet and Sensitive: SA Cabinet), For Official Use Only, In-Confidence and X-In-Confidence.
Other markings appearing: CAVEATS (refer to the PSPF for a full list of available Caveats), PUBLIC, and Public Domain* (*if approved for unlimited public release).
The Victoria (VIC) row matches the VPDSF scheme shown in Appendix C: TOP SECRET, SECRET, CONFIDENTIAL, PROTECTED, UNCLASSIFIED bearing a DLM of Sensitive, Sensitive: Legal, Sensitive: Personal, Sensitive: VIC Cabinet or For Official Use Only, UNCLASSIFIED (bearing no DLM), and Public Domain* (*if approved for unlimited public release).]