VICTORIAN PROTECTIVE DATA SECURITY FRAMEWORK (VPDSF)
INFORMATION SECURITY GUIDE
V1.0

Published by the Commissioner for Privacy and Data Protection
PO Box 24014, Melbourne, Victoria 3001
June 2016
Also published on: http://www.cpdp.vic.gov.au
ISBN 978-0-9946370-1-7

VPDSF Information Security Guide – Document Details
Protective Marking: Unclassified
Publication Date: June 2016
Review Date: June 2017
Document Status: Final V1.0
Author: Office of the Commissioner for Privacy and Data Protection
For further information, please contact the Data Protection Branch on [email protected]

Contents
Background (page 9)
Purpose (page 9)
Audience (page 9)
Scope (page 10)
Use of terms (page 10)
Chapter 1 – Understanding Information Value (page 11)
  Part 1 – Purpose (page 11)
  Part 2 – Information Assessment Process (page 11)
  Part 3 – State versus Commonwealth scheme (page 15)
  Part 4 – Business Impact Levels (BILs) (page 17)
  Part 5 – How to read the BIL table (page 18)
  Part 6 – Contextualising the VPDSF BIL table for your organisation (page 19)
  Part 7 – Working examples (page 22)
  Part 8 – Continuous information assessment (page 27)
  Chapter 1 Appendix – Understanding Information Value (page 28)
    Appendix A – Visual representation of the information assessment process (page 28)
    Appendix B – VPDSF Business Impact Level (BIL) Table (page 29)
Chapter 2 – Protective Markings (page 42)
  Part 1 – Purpose (page 42)
  Part 2 – Introduction (page 42)
  Part 3 – What are protective markings? (page 43)
  Part 4 – Protective markings scheme (Victoria) (page 44)
  Part 5 – Protectively marked material from another organisation (page 51)
  Part 6 – Legacy classified information (page 52)
  Chapter 2 Appendix – Protective Markings (page 53)
    Appendix C – Relationship between Protective Markings (page 53)
    Appendix D – Common protective markings employed by each State and Territory (page 54)

Background
The Commissioner for Privacy and Data Protection (CPDP) issues security guides to support the Victorian Protective Data Security Framework (VPDSF). All elements of the VPDSF are inter-linked and should not be read in isolation. The Information Security Guide forms part of a suite of supporting security guides provided in the Resources section of the VPDSF.

[Figure: the Victorian Protective Data Security Framework and its elements – the Victorian Protective Data Security Standards (November 2015), the Assurance Model and the Resources (supporting security guides). The standards shown are Security Management Framework (1), Security Risk Management (2), Security Policies and Procedures (3), Information Access (4), Security Obligations (5) and Security Training and Awareness (6), each with a statement of objective and its protocols; the remaining figure text is not recoverable from this extraction.]

Purpose
The Information Security Guide is designed to assist organisations to implement the VPDSS. It provides the following guidance:

Chapter 1 – Understanding Information Value
This chapter provides a common vocabulary and a structured approach to enable Victorian public sector organisations to assess the value of their public sector data (referred to as official information) by identifying the business impacts if official information were compromised.

Chapter 2 – Protective Markings
This chapter provides guidance to Victorian public sector organisations on protective markings (i.e. what protective markings are available under the VPDSF and the basis for these).
Audience
This guide is intended for Victorian public sector organisations (including employees, contractors and external parties) that are subject to the protective data security provisions under Part Four of Victoria’s Privacy and Data Protection Act (2014).

Scope
This security guide underpins the VPDSS Information Security standards and supports the other security standards across Governance and the domains of ICT, Personnel and Physical security.

Use of terms
Please refer to the VPDSF Glossary of Protective Data Security Terms for an outline of terms and associated definitions.

Chapter 1 – Understanding Information Value

Part 1 – Purpose
Everyone who works with official information has an obligation to respect the information that they create, access and use, and is personally accountable for safeguarding information assets. In order to do this, all persons need to understand the value of official information and the security measures designed to protect its confidentiality, integrity and availability.

Valuing official information is the fundamental starting point for the development of a positive security culture in the Victorian public sector. Proper valuation of official information means that the right security precautions can be taken to protect it.
This chapter aims to assist organisations undertaking these activities by:
• providing guidance about assessing official information using a consistent impact assessment tool (taking the form of Business Impact Levels – BILs)
• determining the overall value of official information
• identifying the appropriate protective marking
• understanding whether additional security measures are required to protect official information (beyond those informed by the protective marking)
• contextualising the VPDSF BILs in line with the organisation’s specific operating requirements

Part 2 – Information Assessment Process

Who performs an information assessment?
When official information is created, the originator of this material is required to assess the potential business impacts if the information were compromised. The originator is the person, or organisation, responsible for preparing or creating official information, or for actioning information generated outside the public sector (i.e. by private industry). This person, or organisation, is also responsible for deciding whether, and at what level, to value the information, by completing the information assessment process.

What is the Information Assessment Process (IAP)?
The IAP is a method to assess official information to determine the overall value of its content. The assessment process involves three core stages:
1. Identify official information
2. Consider the potential impacts if the information were compromised
3. Understand the overall value of the information, in order to apply the appropriate security measures

A visual representation of the full information assessment process is in Appendix A.

INFORMATION ASSESSMENT PROCESS STAGES

1. Identify official information
Official information means information (including personal information) obtained, generated, received or held by or for a Victorian public sector organisation for an official purpose or supporting official activities. This includes both hard and soft copy information, regardless of media or format.

In contrast, unofficial information is any information that has no relation to official activities, such as personal correspondence. Unofficial information does not need to undergo the assessment process.

2. Consider potential business impacts
In order to assess the potential business impact(s) from a compromise of official information, consider the preservation of its confidentiality (C), integrity (I) and availability (A).

Confidentiality refers to limiting access to official information to authorised persons for approved purposes. The confidentiality requirement is determined by assessing the potential consequences of unauthorised disclosure of official information and the level of its sensitivity.

The level of sensitivity:
1. refers to the degree to which, and the extent or duration for which, a compromise affects the confidentiality of the information, and the related consequences
2. informs the appropriate label (protective marking(s)[1]) for the information

[1] For more information on protective markings, refer to Chapter 2 of this security guide.

Integrity refers to the assurance that official information has been created, amended or deleted only by the intended authorised means and is correct and valid.

Availability refers to allowing authorised persons to access official information for authorised purposes at the time they need to do so.

The integrity and availability business impacts are determined by assessing the potential consequences of unauthorised modification or unavailability of the information and the level of its significance.

The level of significance:
1. refers to the degree to which, and the extent or duration for which, a compromise affects the integrity and/or availability of the information, and the related consequences
2. identifies the need for additional security measures to further protect the information beyond those established by the protective marking.

3. Understand overall value and apply security measures
The information assessment process delivers two equally important outcomes:
• the identification of the appropriate label (protective marking(s)) for official information, and
• an understanding of the overall value of the information and whether any additional security measures are needed to further protect it.

These additional security measures act as layered protection for the information, beyond those established by the protective marking.

IAP Considerations
When assessing official information, organisations should keep the following in mind.

Legislative requirements governing the information
Some forms of official information are governed by legislation that restricts or prohibits disclosure of its content, imposes certain use and handling requirements, or restricts dissemination of the material. Organisations should be aware of these obligations when assessing official information in order to determine what Dissemination Limiting Markers (DLMs) are appropriate for the content.

Inappropriate use of protective markings
Official information should only be protectively marked where there is a clear and justifiable need to do so. In no case should official information be protectively marked to:
• hide violations of law, inefficiency or administrative error
• prevent embarrassment to an individual, organisation or agency
• restrain competition, or
• prevent or delay the release of information that does not need protection

The presence or absence of a protective marking does not affect a document’s status under the Freedom of Information (FOI) Act.

Prevent overclassification
It is important that information not requiring increased protection be labelled as UNCLASSIFIED, or with the appropriate DLMs.
Security classifications should only be used when the potential compromise of the confidentiality of the material warrants increased protection. Inappropriate over-classification can result in:
• access to official information being unnecessarily limited or delayed
• overly onerous administration and procedural overheads, imposing additional costs on the organisation
• protective markings being devalued or ignored by personnel and receiving parties.

Consider the aggregated value of the information
Where multiple pieces of official information are stored together, the overall value of this collective (aggregated) material should be considered. This may include storing multiple protectively marked records in a single file, or storing protectively marked material in a folder on a shared network drive or USB. The risks associated with this aggregated information may be higher than for any single instance or individual record, and may result in additional security controls being needed to protect the combined information assets. Organisations should consider the aggregated value of their information when selecting equipment, systems, facilities or services for the protection of this information.

Part 3 – State versus Commonwealth scheme
Different regulatory arrangements exist for the oversight and management of official information across jurisdictions (i.e. State/Territory versus Commonwealth). Under the VPDSF, Business Impact Levels (BILs) are used to assess official information. This approach is consistent with the Commonwealth Protective Security Policy Framework (PSPF), which also employs this method. By adopting a consistent assessment tool, Victorian public sector organisations are positioned to share information effectively across jurisdictions without having to undergo complex mapping exercises.

Prior to conducting an information assessment, organisations need to first consider which scheme they are to apply. Ask yourself: does this information have the potential to affect national interest?[2] A visual representation of this consideration is provided in Figure 2, along with a brief description of the two complementary schemes (VPDSF and PSPF).

[Figure 2 – Does the information have the potential to affect National Interest? If NO, refer to the Victorian Protective Data Security Framework (VPDSF, June 2016). If YES, refer to the Protective Security Policy Framework (PSPF) – Protective security governance guidelines: Business impact levels (Version 2.1, approved November 2014, amended April 2015).]

VPDSF (State) vs. PSPF (Commonwealth) BILs

State
The VPDSF BIL table has been developed to provide a basis for Victorian public sector organisations to assess official information that has the potential to affect State Government operations or interests, entities and persons within Victoria. The full VPDSF BIL table, contained in Appendix B, provides organisations with standardised impact categories and consequence levels to use when assessing official information.

[2] Refer to the VPDSF Glossary of Protective Data Security Terms for the National interest definition.

Commonwealth
A limited number of Victorian organisations will create, use or receive information that could impact on Australia’s national interest. Where information is assessed as having the potential to impact national interest, organisations are to adhere to the requirements set out in the PSPF (Protective security governance guidelines – Business Impact Levels) for this material. The PSPF provides its own BIL table with its own set of definitions, consequences and impact categories.
For more information on the PSPF, refer to the PSPF website at www.protectivesecurity.gov.au

Part 4 – Business Impact Levels (BILs)
In order to undertake the information assessment process, organisations are to use valuation criteria called Business Impact Levels (BILs) to determine the value of official information.

What are Business Impact Levels (BILs)?
BILs are numerical measures of scaled consequences, identifying the potential impact arising from a compromise to the confidentiality, integrity or availability of official information. A sample representation of the VPDSF BIL table is provided below.

IMPACT CATEGORY: Main impact category listed here…
SUB IMPACT CATEGORY: Sub impact category listed here

Impact Levels | NEGLIGIBLE (0) | LOW–MEDIUM (1) | HIGH (2) | VERY HIGH (3) | EXTREME (4)
Impact descriptor | BIL 0 impact descriptor listed here | BIL 1 impact descriptor listed here | BIL 2 impact descriptor listed here | BIL 3 impact descriptor listed here | BIL 4 impact descriptor listed here
CONSEQUENCES | BIL 0 standardised consequence statement | BIL 1 standardised consequence statement | BIL 2 standardised consequence statement | BIL 3 standardised consequence statement | BIL 4 standardised consequence statement

Why use BILs?
BILs help organisations assess and communicate the consequence(s) of particular information impacts with linked agencies, business partners, external parties and providers. By assessing official information in a standardised manner, Victorian public sector organisations are able to consider and collaboratively manage information risks and provide a solid foundation for secure information sharing practices. The ability to share information using commonly understood terms allows for informed negotiation between organisations over the risk controls or mitigations that should be employed.

Throughout the information lifecycle, organisations are to use the impact criteria in the BIL table to assess official information.

What is the VPDSF BIL table?
The VPDSF BIL table (Appendix B) provides:
• five scaled impact levels (starting at zero and scaling through to a maximum of four)
• impact categories (‘like’ impact types grouped and listed down the table)
• consequence statements across each of the levels.

Part 5 – How to read the BIL table

Impact levels
An impact level refers to the severity of the potential consequences and the degree to which a compromise of the official information is likely to cause harm or damage. As potential consequences increase in severity, the impact levels rise: NEGLIGIBLE, LOW–MEDIUM, HIGH, VERY HIGH, EXTREME.

Impact categories
In the VPDSF BIL table, consequences bearing ‘like attributes’ are grouped into ‘impact categories’. Examples of impact categories include:
• Economy & Finance
• Legal & Regulatory
• Personal
• Public Services
• Public Order, Public Safety & Law Enforcement

Consequences
The VPDSF BIL table presents standardised consequence statements for State Government operations or interests, entities and persons within Victoria. These consequences include examples of adverse effects or results if official information were compromised or lost.

Part 6 – Contextualising the VPDSF BIL table for your organisation
Victorian public sector organisations are expected to use the VPDSF BIL table (Appendix B) to assess the impacts resulting from a compromise to the confidentiality, integrity and availability of official information. The VPDSF BIL table does not require adjustment, as its pre-defined consequence statements and impact levels provide a standardised model for Victorian public sector organisations to utilise. The fixed nature of these statements is critical to ensuring organisations use consistent valuation criteria when assessing official information and, in turn, communicate its sensitivity[3] and significance[4] in a standardised manner.
Rather, Victorian organisations are required to consider the standardised consequence statements in the context of their specific operating requirements. This may be based on their functions, size, resources or information assets. By doing so, the BILs can help organisations properly identify the true impacts and implications for their business, should a compromise to the confidentiality, integrity or availability of official information occur.

External parties with access (direct or indirect) to official information should also refer to the VPDSF BIL table of the engaging Victorian public sector organisation, to ensure consistency when conducting an information assessment.

[3] Refer to the VPDSF Glossary of Protective Data Security Terms for the sensitivity definition.
[4] Refer to the VPDSF Glossary of Protective Data Security Terms for the significance definition.

Example 1 – Economy and Finance impact category
Impact category of ‘Economy and Finance’ and sub impact category of ‘Organisation’s operating budget’, as set out in Appendix B – VPDSF Business Impact Level (BIL) Table:

IMPACT CATEGORY: ECONOMY AND FINANCE
SUB IMPACT CATEGORY: Organisation’s operating budget (impact on public finances)

Impact Levels | NEGLIGIBLE (0) | LOW–MEDIUM (1) | HIGH (2) | VERY HIGH (3) | EXTREME (4)
Impact descriptor | Compromise of the information could be expected to cause insignificant / limited / major / significant / serious harm/damage to government operations, organisations and individuals (one descriptor per level, in that order)
CONSEQUENCES – operating budget | Resulting in insignificant loss of < 1% of organisation’s annual operating budget | Resulting in limited loss of > 1% – 10% of organisation’s annual operating budget | Resulting in major loss of > 10% – 15% of organisation’s annual operating budget | Resulting in significant loss of > 15% – 20% of organisation’s annual operating budget | Resulting in serious loss of ≥ 20% of organisation’s annual operating budget
CONSEQUENCES – non-public finances | None | Resulting in limited financial hardship to an individual or business | Resulting in major financial hardship to an individual or business | Resulting in significant financial hardship to an individual or business | Resulting in serious financial hardship to an individual or business

The VPDSF BIL table presents standardised financial consequence statements, scaling from ‘insignificant’ through to ‘serious’ loss. Each descriptor is accompanied by a percentage (%), quantifying scaled business impacts for a loss to the organisation’s annual operating budget. A certain percentage loss will have different implications for different organisations – i.e. losing > 1% – 10% of a small organisation’s annual operating budget would have a very different effect from that on a larger organisation, which may be able to absorb the impact better.

In order for an organisation to consider the standardised consequences in the context of its specific operating requirements, it needs to first consider its overall operating budget. For example, the operating budget of agency X is $4,000,000. Using the VPDSF BIL table, agency X would interchange the VPDSF BIL percentages with the commensurate financial amount for each impact level, drawn from the organisation’s annual operating budget.
The below statements have been contextualised, based on agency X's $4,000,000 annual operating budget:
0 – Resulting in an insignificant loss of less than $40,000 of the organisation's annual operating budget
1 – Resulting in a limited loss of $40,000 – $400,000 of the organisation's annual operating budget
2 – Resulting in a major loss of $400,000 – $600,000 of the organisation's annual operating budget
3 – Resulting in a significant loss of $600,000 – $800,000 of the organisation's annual operating budget
4 – Resulting in a serious loss of $800,000 or more of the organisation's annual operating budget

Example 2 – Legal and Regulatory impact category
Impact category of 'Legal and Regulatory' and sub impact category of 'Legal/Compliance' (extract from Appendix B – VPDSF Business Impact Level (BIL) Table):

Sub impact category: Legal/compliance (including applicable legislation and agreements or contracts), e.g. non-compliance with legislation, commercial confidentiality and legal privilege

Consequences:
0 NEGLIGIBLE (insignificant harm/damage) – No compliance issue or breach
1 LOW–MEDIUM (limited harm/damage) – Resulting in limited:
• legal issues
• non-compliance with contracts or agreements
• failure of statutory duty
• breaches
• misconduct investigation managed internally
2 HIGH (major harm/damage) – Resulting in major:
• legal issues
• non-compliance with contracts or agreements
• failure of statutory duty
• breaches
• misconduct investigation managed either internally or externally
3 VERY HIGH (significant harm/damage) – Resulting in significant: the same five consequence types as level 2
4 EXTREME (serious harm/damage) – Resulting in serious: the same five consequence types as level 2

The VPDSF BIL table presents standardised legal and regulatory consequence statements, scaling from 'insignificant' through to 'serious'. Under the Legal/Compliance sub impact category, the consequence statements represent standardised legal or compliance business impacts that may result from a compromise to the confidentiality, integrity and availability of official information. These consequences could include non-compliance with legislation, commercial confidentiality and legal professional privilege.

The complex legal and regulatory landscape in which Victorian organisations operate means they are required to observe a range of compliance requirements. These requirements will differ from organisation to organisation (e.g. 'small and simple' to 'large and complex'), and are significantly influenced by the requirements of the legislation they administer. In order for an organisation to understand how to apply the standardised consequences from the VPDSF BIL table, it first needs to consider the legal and regulatory environment in which it operates.
For example, compliance obligations for a single entity may include:
• Public Administration Act 2004
• Public Records Act 1973
• Financial Management Act 1994
• Privacy and Data Protection Act 2014
• Freedom of Information Act 1982
• Local operating agreements, arrangements or contracts

Understanding these obligations helps an organisation to contextualise the consequence statements and define 'insignificant', 'limited', 'major', 'significant' and 'serious' impacts in relation to its own operating environment.

Part 7 – Working examples
The following section sets out two working examples where organisations conduct an information assessment using the VPDSF BIL table to determine the overall value of official information. These are only sample representations of how to conduct an information assessment. Organisations should consider the legislative and regulatory environment in which they operate, as this may also influence the assessment of any official information and the subsequent application of security measures needed to protect this material.

EXAMPLE 1 – COMMISSIONER FOR PRIVACY AND DATA PROTECTION (CPDP)
The Commissioner for Privacy and Data Protection (CPDP) conducts a security review on a potential breach of official information from a government agency. The team creates a file note summarising the breach and needs to determine:
1. If the information requires a protective marking, and
2. Whether any additional security measures are required to further protect this information, beyond those established by the protective marking.

Information assessment process
Confidentiality (initial assessment)
The team conducts an initial assessment to consider the potential impacts if the confidentiality of the information were compromised. This assessment will help determine the relevant impact level for this stage. After assessing each of the consequence statements in the BIL table, multiple outcomes are identified.
These outcomes determined that the information must remain confidential, as unauthorised access could be expected to cause major harm/damage to government operations, organisations and individuals. Potential consequences included major:
• legal and compliance implications (non-compliance with secrecy provisions in legislation)
• harm to an individual's safety or liberty, resulting in compromise of a person
• reputational damage, including generating broad public concern, mainstream media reports and negative publicity
• damage to crime fighting, including impeding the investigation of an indictable offence

Confidentiality result:
In this example, a compromise to the confidentiality of the official information was assessed as a business impact level of 2. Confidentiality consequences at this level correspond with a security classification of 'PROTECTED'. Depending on the content, the information may also require Dissemination Limiting Markers (DLMs) [5].

Integrity and availability (secondary, layered assessment)
The team then conducts a secondary, layered assessment of the same information to consider what potential impacts could occur if the integrity or availability of the material were compromised. This secondary assessment will help determine the relevant impact level for this stage. After assessing each of the consequence statements in the BIL table, limited outcomes were identified. These outcomes were based on the need for the team to readily access accurate information. Potential consequences included limited:
• damage to an organisation's assets
• degradation or cessation of non-critical (essential or important) business operations, systems or services, to an extent that while the organisation can perform its primary functions, the efficiency and effectiveness of the functions is noticeably reduced or impeded.

Integrity and availability result:
In this example the secondary, layered assessment for integrity and availability identified a BIL of 1. As this BIL is lower than the level identified under the initial 'confidentiality' assessment, additional security measures do not need to be considered in this instance. The security controls that accompany a security classification of PROTECTED should be employed to secure this official information.
Note: The secondary assessment does not alter the protective marking.

EXAMPLE 1 – OVERALL VALUE
In this working example, the overall value of the information was determined to be a BIL of 2. This is based on selecting the highest BIL from both stages of the assessment (confidentiality, then integrity and availability):
• confidentiality assessed at a BIL of 2
• integrity and availability assessed at a BIL of 1
This means that the information requires a security classification of PROTECTED, with accompanying information, personnel, ICT and physical security controls needed to protect the material. The team also needs to be mindful of any legislative obligations surrounding the information, and of the application of Dissemination Limiting Markers (DLMs) [6] to signify this.

[5] Refer to Chapter 2 of this security guide for more information on Dissemination Limiting Markers (DLMs) and the legislative basis for particular markings.

EXAMPLE 2 – COUNTRY FIRE AUTHORITY (CFA)
The Country Fire Authority (CFA) regularly publishes important information on its website notifying members of the community about fire warnings, incidents and planned burns. The CFA team is looking to publish updated material about a fire warning on its website; however, prior to doing this it needs to determine:
1. If the information requires a protective marking, and
2. Whether any additional security measures are required to further protect this information, beyond those established by the protective marking.
Information assessment process
Confidentiality (initial assessment)
The team conducts an initial assessment to consider the potential impacts if the confidentiality of the information were compromised. This assessment will help determine the relevant impact level for this stage. After assessing each of the consequence statements in the BIL table, limited outcomes were determined. These potential consequences identified that unauthorised release of the material could be expected to cause insignificant harm/damage to government operations, organisations and individuals, resulting in a BIL of 0.

Additional considerations include:
• the authorising environment of the agency, which had approved the content for public release (authorisation)
• the information was initially created/designed for members of the public to consume (purpose), and
• the agency (CFA) needs to ensure all persons (public and VPS) have unrestricted access to the information presented on its corporate website (intent).

Confidentiality result:
In this example, a compromise to the confidentiality of the official information was assessed as a BIL of 0. Confidentiality consequences at this level do not require a security classification. Information assessed at this level is considered 'Unclassified' and may be suitable as Public Domain if authorised by the CFA for unlimited public release.

Integrity and availability (secondary, layered assessment)
The team then conducts a secondary, layered assessment to consider what potential impacts could occur if the integrity or availability of the same information were compromised. This assessment will help determine the relevant impact level for this stage. After assessing each of the consequence statements in the BIL table, multiple outcomes were identified. These outcomes took into account the need for individuals to readily access up-to-date and accurate information from the CFA website. Potential consequences included major:
• compromise of individuals' personal safety and wellbeing if incorrect or out-of-date information were provided on the CFA website during an emergency period (integrity concern)
• unrest or instability across the public sector and/or broader community if people consume altered or falsified information from the CFA website (integrity concern)
• members of the public unable to access critical fire warnings or incident information from the website during an emergency period, leading to the compromise of individuals' personal safety and wellbeing (availability concern)
• lack of capacity to operate and deliver essential and/or emergency services (availability concern)
• reputational damage to the agency (CFA) if the corporate website is unavailable (availability concern).

Integrity and availability result:
In this example the secondary, layered assessment for integrity and availability identified a BIL of 2. As this BIL is higher than the BIL identified in the initial 'confidentiality' assessment, additional security measures need to be considered by the CFA to protect the information on its website. These heightened security measures need to be considered because the controls for UNCLASSIFIED material do not offer suitable security for the heightened integrity and availability needs associated with the information.
Note: The secondary assessment does not alter the protective marking.

EXAMPLE 2 – OVERALL VALUE
In this working example, the overall value of the information was determined to be a BIL of 2. This is based on selecting the highest BIL from the assessment of the confidentiality, integrity and availability of the material:
• confidentiality assessed at a BIL of 0
• integrity and availability assessed at a BIL of 2.
This means that the information does not require a protective marking, as it has been assessed as Unclassified. As the information has no confidentiality restrictions, the publishing team at the CFA may seek internal authorisation to publicly release this content (i.e. suitable for the Public Domain) on its corporate website. It would also then work with its security team to put in place appropriate controls to ensure the continued integrity and availability of this content when published on the website.

This example highlights that a layered assessment is valuable in helping identify where additional security measures (ICT, personnel and physical security controls) may be required to further protect the information. These security measures are beyond those identified by the protective marking of the information.

[6] Refer to Chapter 2 (Protective Markings) of this document for further information.

Part 8 – Continuous information assessment
Organisations should consciously consider the lifecycle of official information and the effect that this may have on any initial value assessments. This may be due to changes to:
• the importance of the information
• the age of the information
• the currency of the information
• the amount of information contained in a particular information asset (i.e. if content is added or removed, the overall value of the information may change)
• aggregation of information (e.g. when data is combined with other data sets)
• information owners and owning organisations (e.g. internal organisational restructures or machinery of government activities)
• information usage (e.g. the purpose for the information collection, methods of use)
• internal or external circumstances that may result in a requirement to upgrade or downgrade the overall value of the information.
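The assessment process set out in Part 7 and Appendix A, together with the budget contextualisation from Part 6 (Example 1), expressed as a small Python script. This is an added example, not code from the VPDSF guide or from CPDP. The percentage bands are those of the Appendix B 'Organisation's operating budget' row and the confidentiality-BIL-to-marking mapping is read off the Appendix A diagram; every function and class name is the example's own, and treating a loss of exactly 1% (which falls between the table's '< 1%' and '> 1%' wording) as the higher level is this example's assumption.

```python
"""Added example (not part of the VPDSF guide and not CPDP tooling): the
Chapter 1 information assessment process as code.

Encoded rules and where they come from:
  * Appendix B, 'Organisation's operating budget' row: the percentage
    bands (< 1%, > 1-10%, > 10-15%, > 15-20%, >= 20%) for impact levels 0-4.
  * Part 6, Example 1: swapping those percentages for dollar thresholds
    derived from an agency's annual operating budget.
  * Part 7 / Appendix A: overall value = highest BIL across confidentiality,
    integrity and availability; the protective marking follows the
    confidentiality BIL only; extra integrity/availability controls are
    needed only when the I&A level exceeds the confidentiality level.
Assumption: the marking mapping (0 UNCLASSIFIED, 1 UNCLASSIFIED bearing a
DLM, 2 PROTECTED, 3 CONFIDENTIAL, 4 SECRET) is read off the Appendix A
diagram. All names below are this example's own.
"""
from dataclasses import dataclass

LEVEL_NAMES = {0: "NEGLIGIBLE", 1: "LOW-MEDIUM", 2: "HIGH",
               3: "VERY HIGH", 4: "EXTREME"}

# Upper bound (percent of annual operating budget) of impact levels 0-3;
# level 4 (EXTREME) is open-ended: >= 20%.
BUDGET_BAND_UPPER_PCT = {0: 1, 1: 10, 2: 15, 3: 20}

MARKING_BY_CONFIDENTIALITY_BIL = {
    0: "UNCLASSIFIED (no DLM)",
    1: "UNCLASSIFIED (bearing a DLM)",
    2: "PROTECTED",
    3: "CONFIDENTIAL",
    4: "SECRET",
}


def contextualise_budget(annual_budget):
    """Part 6, Example 1: (lower, upper) dollar band per impact level.
    'upper' is None for the open-ended EXTREME band."""
    if annual_budget <= 0:
        raise ValueError("annual operating budget must be positive")
    bands, lower = {}, 0
    for level in range(4):
        upper = annual_budget * BUDGET_BAND_UPPER_PCT[level] / 100
        bands[level] = (lower, upper)
        lower = upper
    bands[4] = (lower, None)
    return bands


def budget_loss_bil(loss, annual_budget):
    """Impact level for a dollar loss against the annual operating budget.
    Exactly 10% and 15% stay in the lower band ('> 1% - 10%', '> 10% - 15%');
    exactly 20% is EXTREME because that band reads '>= 20%'. Exactly 1% is
    not covered by the table's wording; this example assumes the higher
    level (1)."""
    if annual_budget <= 0 or loss < 0:
        raise ValueError("budget must be positive and loss non-negative")
    pct = loss * 100 / annual_budget
    if pct < 1:
        return 0
    if pct <= 10:
        return 1
    if pct <= 15:
        return 2
    if pct < 20:
        return 3
    return 4


@dataclass(frozen=True)
class Assessment:
    """One information assessment: a BIL (0-4) for each of C, I and A."""
    confidentiality: int
    integrity: int
    availability: int

    def __post_init__(self):
        for value in (self.confidentiality, self.integrity, self.availability):
            if value not in LEVEL_NAMES:
                raise ValueError(f"impact level must be 0-4, got {value!r}")

    @property
    def integrity_availability(self):
        """Stage 2 secondary, layered assessment: the higher of I and A."""
        return max(self.integrity, self.availability)

    @property
    def overall_bil(self):
        """Stage 3 overall value: highest impact level across C, I and A."""
        return max(self.confidentiality, self.integrity_availability)

    @property
    def protective_marking(self):
        """Only the confidentiality BIL drives the marking (Part 7 note)."""
        return MARKING_BY_CONFIDENTIALITY_BIL[self.confidentiality]

    @property
    def additional_measures_required(self):
        """Extra ICT/personnel/physical controls only when I&A exceeds C."""
        return self.integrity_availability > self.confidentiality

    def summary(self):
        extra = ("additional integrity/availability controls required"
                 if self.additional_measures_required
                 else "controls for the marking are sufficient")
        return (f"C={self.confidentiality} I/A={self.integrity_availability} "
                f"overall BIL {self.overall_bil} ({LEVEL_NAMES[self.overall_bil]}); "
                f"marking: {self.protective_marking}; {extra}")


if __name__ == "__main__":
    # Part 6, Example 1: agency X with a $4,000,000 annual operating budget
    for level, (lo, hi) in contextualise_budget(4_000_000).items():
        print(level, LEVEL_NAMES[level], lo, hi)
    # Part 7, Example 1 (CPDP file note): C=2, I/A=1 -> PROTECTED, no extras
    print(Assessment(2, 1, 1).summary())
    # Part 7, Example 2 (CFA fire warning): C=0, I/A=2 -> UNCLASSIFIED, extras
    print(Assessment(0, 2, 2).summary())
```

Running the script reproduces both working examples: the CPDP file note resolves to PROTECTED with no further measures, and the CFA fire warning stays UNCLASSIFIED but flags the need for additional integrity and availability controls, which is exactly the distinction the layered assessment exists to surface.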
Chapter 1 Appendix – Understanding Information Value

Appendix A – Visual representation of the information assessment process

STAGE 1 – IDENTIFY OFFICIAL INFORMATION AND CONSIDER IMPACTS
Start: identify official information.
Using the VPDSF BIL table [7], assess the potential consequences resulting from a compromise to the confidentiality, integrity and/or availability of the information. Identify the highest consequences from the VPDSF BIL table, selecting the impact levels relating to a compromise of the confidentiality, integrity and availability of the information.

STAGE 2 – DETERMINE IF THE INFORMATION REQUIRES A PROTECTIVE MARKING (Security Classification | Dissemination Limiting Marker (DLM) | Caveats)
Compromise to confidentiality – the confidentiality impact level maps to a protective marking:
0 NEGLIGIBLE – UNCLASSIFIED (no DLM); PUBLIC DOMAIN if authorised for unlimited public release
1 LOW–MEDIUM – UNCLASSIFIED (bearing a DLM)
2 HIGH – PROTECTED
3 VERY HIGH – CONFIDENTIAL
4 EXTREME – SECRET
Organisations must also consider if disclosure of this information is limited or prohibited by legislation, or where special handling is required and dissemination of the information needs to be controlled. If so, the relevant DLM will need to be applied.
Compromise to integrity and availability – if the secondary, layered assessment arrives at a higher impact level than the one identified under the initial confidentiality assessment, additional security measures may need to be applied. The secondary assessment (integrity and availability) does not adjust the outcome of the initial confidentiality assessment; the protective marking remains the same.

STAGE 3 – APPLY SECURITY MEASURES
Additional security measures can take the form of ICT, personnel and/or physical security controls to further protect the information from a compromise of its integrity and/or availability.
Overall value: confidentiality + integrity and availability (the highest impact level across the three) = apply security measures based on the overall value of the information.

[7] Refer to Chapter 1 (Understanding Information Value), Appendix B (VPDSF BIL table) of this security guide for more information.

Appendix B – VPDSF Business Impact Level (BIL) Table

Impact levels (the header row of every page of the table):
0 NEGLIGIBLE – Compromise of the information could be expected to cause insignificant harm/damage to government operations, organisations and individuals
1 LOW–MEDIUM – Compromise of the information could be expected to cause limited harm/damage to government operations, organisations and individuals
2 HIGH – Compromise of the information could be expected to cause major harm/damage to government operations, organisations and individuals
3 VERY HIGH – Compromise of the information could be expected to cause significant harm/damage to government operations, organisations and individuals
4 EXTREME – Compromise of the information could be expected to cause serious harm/damage to government operations, organisations and individuals

Each row below gives the consequence statement for one sub impact category at each impact level 0–4.

IMPACT CATEGORY: ECONOMY AND FINANCE

Sub impact category: Organisation's operating budget (impact on public finances)
0 – Resulting in insignificant loss of < 1% of organisation's annual operating budget
1 – Resulting in limited loss of > 1% – 10% of organisation's annual operating budget
2 – Resulting in major loss of > 10% – 15% of organisation's annual operating budget
3 – Resulting in significant loss of > 15% – 20% of organisation's annual operating budget
4 – Resulting in serious loss of ≥ 20% of organisation's annual operating budget

Sub impact category: Non-public finances
0 – None
1 – Resulting in limited financial hardship to an individual or business
2 – Resulting in major financial hardship to an individual or business
3 – Resulting in significant financial hardship to an individual or business
4 – Resulting in serious financial hardship to an individual or business

IMPACT CATEGORY: LEGAL AND REGULATORY

Sub impact category: Legal/compliance (including applicable legislation and agreements or contracts), e.g. non-compliance with legislation, commercial confidentiality and legal privilege
0 – No compliance issue or breach
1 – Resulting in limited:
• legal issues
• non-compliance with contracts or agreements
• failure of statutory duty
• breaches
• misconduct investigation managed internally
2 – Resulting in major:
• legal issues
• non-compliance with contracts or agreements
• failure of statutory duty
• breaches
• misconduct investigation managed either internally or externally
3 – Resulting in significant: the same five consequence types as level 2
4 – Resulting in serious: the same five consequence types as level 2

IMPACT CATEGORY: PERSONAL

Sub impact category: Injury (impact on personal safety, distress, embarrassment, identity, etc.)
0 – Resulting in insignificant harm to individual's safety or liberty
1 – Resulting in limited harm to individual's safety or liberty involving:
• compromise of person
• distress/embarrassment
• injury (non life threatening)
2 – Resulting in major harm to individual's safety or liberty involving:
• compromise of person
• distress/embarrassment of high profile person
• irreversible or life threatening injury
• direct threat to life/loss of life/fatality
3 – Resulting in significant harm to individual's safety or liberty, i.e. loss of life/fatality involving:
• a high profile individual(s), or mass gatherings of individuals
('High profile' – i.e. VIPs, undercover identities, Ministers etc. 'Mass gatherings' – i.e. major events, religious congregations/assemblies, forums, seminars.)
4 – Resulting in serious harm, i.e. loss of life/fatality:
• widespread loss of life within Victoria
• of a high profile individual engaged in critical activities affecting the operation of Victoria
('High profile' – i.e. VIPs, undercover identities, Ministers etc.)

IMPACT CATEGORY: PUBLIC SERVICES

Sub impact category: Reputation, confidence and utilisation of services (impact on party's standing or reputation, including confidence in government)
0 – Resulting in insignificant:
• (no) public concern
• attention from a stakeholder with no publicity
• routine internal reporting
1 – Resulting in limited:
• embarrassment
• dissatisfaction from public
• loss of confidence in internal business unit/group
• localised media interest/negative publicity
• specific internal reporting
• staff/executive suspensions
• new internal oversight measures
2 – Resulting in major:
• reputational damage
• broad public concern
• loss of public confidence and trust in organisation
• external inquiry e.g. inquest, Parliamentary inquiry or Royal Commission
• mainstream media reports/negative publicity
• intervention of CEO/Secretary
• new external oversight measures
• staff/executive terminations
• persistent questions in Parliament
3 – Resulting in significant:
• reputational damage
• broad public concern
• loss of public confidence and trust in organisation
• external inquiry e.g. inquest, Parliamentary inquiry or Royal Commission
• mainstream media reports/negative publicity
• intervention of CEO/Secretary
• new external oversight measures
• political resignations
• staff/executive terminations
• persistent questions in Parliament
4 – Resulting in serious: the same consequence types as level 3

Sub impact category: Impact on companies operating in Victoria
0 – None
1 – Resulting in limited damage to the financial viability of, or disadvantaging, a Victorian operated company
2 – Resulting in major damage to the financial viability of, or disadvantaging, Victorian operated company(ies)
3 – Resulting in significant damage to the financial viability of, or disadvantaging, Victorian operated company(ies)
4 – Resulting in serious damage to the financial viability of, or disadvantaging, Victorian operated company(ies)

Sub impact category: Service delivery (impact on capacity to operate, deliver services or programs, cause inconvenience or inability to consume public service)
0 – Resulting in no or insignificant threat to, or disruption of, business operations, systems or service delivery
1 – Resulting in limited degradation or cessation of non-critical (essential or important) business operations, systems or services, to an extent that while the organisation can perform its primary functions, the efficiency and effectiveness of the functions is noticeably reduced or impeded
2 – Resulting in major degradation or cessation of critical (essential or important) business operations, systems or services, to an extent that the organisation cannot perform one or more of its primary functions, impeding operations
3 – Resulting in significant degradation or cessation of critical (essential or important) business operations, systems or services, to an extent that the organisation cannot perform one or more of its primary functions, impeding operations
4 – Resulting in serious degradation or cessation of critical (essential or important) business operations, systems or services, to an extent that the organisation cannot perform one or more of its primary functions, impeding operations

Sub impact category: Impact on an organisation's material or physical assets (beyond financial impact)
0 – Resulting in insignificant damage to an organisation's assets
1 – Resulting in limited damage to an organisation's assets
2 – Resulting in major damage to an organisation's assets
3 – Resulting in significant damage to an organisation's assets
4 – Resulting in serious damage to an organisation's assets

Sub impact category: Relationships with other governments (including Commonwealth, state or territory, or international)
0 – Resulting in no damage to relations between the Victorian Government and other governments
1 – Resulting in limited damage to relations between the Victorian Government and other governments
2 – Resulting in major damage to relations between the Victorian Government and other governments
3 – Resulting in significant damage to relations between the Victorian Government and other governments
4 – Resulting in serious damage to relations between the Victorian Government and other governments

IMPACT CATEGORY: PUBLIC ORDER, PUBLIC SAFETY AND LAW ENFORCEMENT

Sub impact category: Provision of emergency services
0 – None
1 – Resulting in limited disruption to emergency service activities requiring reprioritisation at the local level to meet expected levels of service
2 – Resulting in major disruption to emergency service activities requiring reprioritisation at the State level to meet expected levels of service
3 – Resulting in significant disruption to emergency service activities requiring reprioritisation at the State or national level to meet expected levels of service
4 – Resulting in serious disruption to emergency service activities requiring reprioritisation at the State or national level to meet expected levels of service

Sub impact category: Crime fighting
0 – Resulting in insignificant damage to crime fighting
1 – Resulting in limited damage to crime fighting including:
• hindering the detection of,
• impeding the investigation, or
• facilitating the commission of
a summary offence
2 – Resulting in major damage to crime fighting including:
• hindering the detection of,
• impeding the investigation, or
• facilitating the commission of
an indictable offence
3 – Resulting in significant damage to crime fighting including:
• hindering the detection of,
• impeding the investigation, or
• facilitating the commission of
a serious indictable offence (* indictable offences including but not limited to 'organised crime' offences)
4 – Resulting in serious damage to crime fighting including:
• hindering the detection of,
• impeding the investigation, or
• facilitating the commission of
a serious indictable offence (* indictable offences including but not limited to serious 'organised crime' offences across jurisdictions, terrorist activities, etc.)

Sub impact category: Judicial proceedings
0 – None
1 – Resulting in limited damage to judicial proceedings including:
• collapse of a summary prosecution
• a conviction for a summary offence declared 'unsafe'* or referred for appeal
• impairment to judicial operations overseeing summary offences
2 – Resulting in major damage to judicial proceedings including:
• collapse of an indictable prosecution
• a conviction for an indictable offence declared 'unsafe'* or referred for appeal
• damage to the State judicial system overseeing indictable offences
3 – Resulting in significant damage to judicial proceedings including:
• collapse of a serious indictable prosecution
• a conviction for a serious indictable offence declared 'unsafe'* or referred for appeal
• damage to the judicial system overseeing serious indictable offences
(* 'Unsafe' is commonly known as a miscarriage of justice.)
4 – Compromise of the information could
be expected to cause significant harm/ damage to government operations, organisations and individuals VERY HIGH PUBLIC ORDER, PUBLIC SAFETY AND LAW ENFORCEMENT (CONTINUED…) Compromise of the information could be expected to cause insignificant harm/damage to government operations, organisations and individuals IMPACT CATEGORY Appendix B – VPDSF Business Impact Level (BIL) Table 4 a conviction for a serious indictable offence declared ‘unsafe’ collapse of a serious indictable prosecution damage to the judicial system overseeing serious indictable offences * Unsafe commonly known as a miscarriage of justice • • • Resulting in serious damage to judicial proceedings including: Compromise of the information could be expected to cause serious harm/damage to government operations, organisations and individuals EXTREME Information Security Guide V1.0 V1.0 Public unrest/order SUB IMPACT CATEGORY IMPACT CATEGORY 0 None/No disruption to community Compromise of the information could be expected to cause insignificant harm/damage to government operations, organisations and individuals NEGLIGIBLE 1 2 • • damage to public order disruption to community • disruption to community damage to public order Resulting in major: Compromise of the information could be expected to cause major harm/damage to government operations, organisations and individuals HIGH • Resulting in limited: Compromise of the information could be expected to cause limited harm/ damage government operations, organisations and individuals LOW–MEDIUM Impact Levels 3 damage to public order (e.g. riots) disruption to community • • Resulting in significant: Compromise of the information could be expected to cause significant harm/ damage to government operations, organisations and individuals VERY HIGH PUBLIC ORDER, PUBLIC SAFETY AND LAW ENFORCEMENT (CONTINUED…) Appendix B – VPDSF Business Impact Level (BIL) Table 4 • • disruption to community damage to public order (e.g. 
riots) Resulting in serious: Compromise of the information could be expected to cause serious harm/damage to government operations, organisations and individuals EXTREME Information Security Guide 39 40 Protective Marking SUB IMPACT CATEGORY IMPACT CATEGORY 0 Information assessed at this level, requires authorisation for unlimited public release and confirmed as PUBLIC DOMAIN UNCLASSIFIED Compromise of the information could be expected to cause insignificant harm/damage to government operations, organisations and individuals NEGLIGIBLE For Official Use Only Sensitive (including legislative reference) Sensitive: Personal Sensitive: Legal Sensitive: VIC Cabinet • • • • • • Sensitive: Legal • Sensitive: VIC Cabinet • Sensitive: Personal • • Sensitive: VIC Cabinet Sensitive: Legal Sensitive: Personal Sensitive (including legislative reference) Dissemination Limiting Marker (DLM) options at this level include CONFIDENTIAL Sensitive (including legislative reference) • 3 Compromise of the information could be expected to cause significant harm/ damage to government operations, organisations and individuals VERY HIGH • Dissemination Limiting Marker (DLM) options at this level include: Dissemination Limiting Marker (DLM) options at this level include: • PROTECTED 2 UNCLASSIFIED bearing a DLM HIGH Compromise of the information could be expected to cause major harm/damage to government operations, organisations and individuals 1 Impact Levels Compromise of the information could be expected to cause limited harm/ damage government operations, organisations and individuals LOW–MEDIUM PROTECTIVE MARKING Appendix B – VPDSF Business Impact Level (BIL) Table 4 • • • • Sensitive: VIC Cabinet Sensitive: Legal Sensitive: Personal Sensitive (including legislative reference) Dissemination Limiting Marker (DLM) options at this level include: SECRET Compromise of the information could be expected to cause serious harm/damage to government operations, organisations and individuals EXTREME 
Please note:
• Harm refers to an impact on a person, whereas damage refers to an impact on an asset.
• For impacts of a ‘National Interest’, refer to the Australian Government Business Impact Levels outlined in the PSPF.
• Protective markings only relate to confidentiality; there is no equivalent set of ‘protective markings’ for integrity or availability. However, the business impact level table should be used to determine the impact to the integrity and availability of information, to support the required controls to protect the information.

Chapter 2 – Protective Markings

Part 1 – Purpose

This chapter aims to assist Victorian public sector organisations in understanding:
• what information requires a protective marking
• what protective markings are
• the definitions that underpin each protective marking
• the benefits of using protective markings.

Part 2 – Introduction

What information requires a Protective Marking?

Information falls into two broad informal categories:

OFFICIAL INFORMATION – may require a protective marking
Official information means any information (including personal information) obtained, generated, received or held by or for a Victorian public sector organisation for an official purpose or supporting official activities. This includes both hard and soft copy information, regardless of media or format.

UNOFFICIAL INFORMATION – must not be labelled with a protective marking
In contrast, unofficial information is any information that has no relation to official activities, such as personal correspondence. Unofficial information does not need to undergo an information assessment process and must not be labelled with a protective marking.

Not all official information will require a protective marking; however, other security measures may still be required to protect the integrity and availability of this material.

What are the benefits of using protective markings?

Consistent use of protective markings, coupled with the adoption of appropriate security measures, enhances the Victorian Government’s ability to conduct business in a secure and effective manner. Protective markings act as an important visual signal to anyone using or accessing the material, as to the minimum security obligations that accompany that official information.

Part 3 – What are protective markings?

Protective markings are security labels assigned to official information. They signify the confidentiality requirements of official information, determined via an information assessment using the VPDSF BIL table8. Protective markings inform the minimum level of protection to be provided throughout the information lifecycle (e.g. during use, storage, transmission/transfer and disposal).

VPDSF Protective Markings

Under the VPDSF, the following types of protective markings are recognised:

Dissemination Limiting Markers (DLMs):
• For Official Use Only
• Sensitive: ‘XXX’ (refer to relevant secrecy provisions or specific provisions within enactments)
• Sensitive: Legal
• Sensitive: Personal
• Sensitive: VIC Cabinet

Security Classifications:
• PROTECTED
• CONFIDENTIAL
• SECRET
• TOP SECRET9

Caveats:
• Eyes Only
• Releasable to
• Special handling
• Accountable material
• Organisation specific caveats

8 Organisations should refer to Chapter 1 (Understanding Information Value) of this security guide, which provides instructions around the information assessment process, and further guidance on determining what material requires a protective marking.
9 The security classification of TOP SECRET is not referenced as an available protective marking for use under the VPDSF. Please refer to the Commonwealth Protective Security Policy Framework (PSPF) for more information.
Part 4 – Protective markings scheme (Victoria)

Dissemination Limiting Markers (DLMs)

DLMs are protective markings that indicate to users that access to that material should be limited. DLMs are to be used where:
• disclosure of official information is limited or prohibited by legislation
• special handling of the information is required
• dissemination of the information needs to be controlled.10

Depending on the content, some information may require multiple DLMs. In these instances, organisations should stack each required DLM on the information. Certain DLMs can be used in conjunction with security classifications, depending on the confidentiality requirements of the information. A visual representation of the protective marking relationships is captured in Appendix C of this security guide.

Within Victorian Government, the following DLMs are used. Some of these DLMs may vary from those at the Commonwealth level11.

DLM: For Official Use Only (FOUO)
Basis for marking: To be applied to official information that requires some form of protection. Compromise of this information may cause limited harm/damage to government operations, organisations and individuals.
• ‘For Official Use Only’ must not be applied to security classified information.
• ‘For Official Use Only’ is only suitable for use on Unclassified material.

DLM: Sensitive ‘XXX’ (‘XXX’ – refer to relevant secrecy provisions or specific provisions within enactments)
Basis for marking: To be applied to official information where secrecy provisions or enactments may apply to the content, or where disclosure of the material may be limited or prohibited under legislation. Organisations must identify the reason for the ‘Sensitive’ marking (this can be captured in a footer or on the front cover of the information), as well as any additional handling requirements resulting from the marking. ‘Sensitive’ can be used in conjunction with either security classified information or Unclassified material.

DLM: Sensitive: Legal
Basis for marking: To be applied to information that may be subject to legal professional privilege. ‘Sensitive: Legal’ can be used in conjunction with either security classified information or Unclassified material.

10 Refer Appendix C – Relationship between Protective Markings
11 For more information on the Commonwealth protective marking scheme, refer to the Protective Security Policy Framework (PSPF) at https://www.protectivesecurity.gov.au

DLM: Sensitive: Personal
Basis for marking: To be applied to information containing sensitive personal content. The basis for this marking under the VPDSF is drawn from the definition of ‘sensitive information’ under Schedule 1 of the Privacy and Data Protection Act (2015), which states:

Sensitive information means information or an opinion about an individual’s:
a) racial or ethnic origin; or
b) political opinions; or
c) membership of a political association; or
d) religious beliefs or affiliations; or
e) philosophical beliefs; or
f) membership of a professional or trade association; or
g) membership of a trade union; or
h) sexual preferences or practices; or
i) criminal record,
that is also personal information.

‘Sensitive: Personal’ can be used in conjunction with either security classified or unclassified information.

DLM: Sensitive: VIC Cabinet
Basis for marking: All documents prepared for consideration by Victorian Cabinet, including those in draft, are, at a minimum, to be labelled with the DLM of ‘Sensitive: VIC Cabinet’*. This protective marking is to be applied to all Victorian Cabinet information, including but not limited to:
• any document, including but not limited to business lists, minutes, submissions, memoranda and matters without submission, that is or has been:
  • submitted or proposed to be submitted to Victorian Cabinet, or
  • official records of Victorian Cabinet
• any other information that would reveal:
  • the deliberations or decisions of Victorian Cabinet, or
  • matters submitted, or proposed to be submitted, to Victorian Cabinet.
* All official information must be assessed on its individual merits. Some Victorian Cabinet information may require additional protective markings, in conjunction with the minimum labelling of Sensitive: VIC Cabinet12.

12 Organisations should refer to Chapter 1 (Understanding Information Value) of this security guide for instruction on how to assess information on its individual merits.

Victorian Cabinet documentation

Information used by Victorian Cabinet to formulate policy and make decisions requires special protective security controls. This is because Cabinet material (unlike other official information) belongs to the particular governments that create it. It is integral to the process by which governments make decisions, and it constitutes the record of those decisions. A new Victorian specific DLM has now been established to reflect Victorian Cabinet requirements, and to distinguish this material from Cabinet material generated at the Commonwealth level. All documents prepared for consideration by Victorian Cabinet, including those in draft, are, at a minimum, to be labelled with the DLM of ‘Sensitive: VIC Cabinet’.
Originators should still assess the contents of the document using the VPDSF BIL table to determine the value of the information and whether additional protective markings (including security classifications) are also required to further protect the information. See the Victorian Government Cabinet Handbook for more information on this material.

Security classifications

A security classification identifies the confidentiality requirements of the information. Information marked with a security classification has been through the information assessment process and has achieved a BIL of 2 or above13.

There are three security classifications used within Victorian Government. They are:
• PROTECTED
• CONFIDENTIAL
• SECRET
• TOP SECRET (not available for use under the VPDSF; see below)

These security classifications reflect the operating requirements of Victorian Government and align with the Commonwealth Protective Security Policy Framework (PSPF) classification scheme.

13 Refer to Chapter 1 (Understanding Information Value) of this security guide for more information.

Security classification: PROTECTED
Basis for the security classification: The security classification of PROTECTED is used when the compromise of the confidentiality of the information could be expected to cause major harm/damage to government operations, organisations and individuals. Information marked at PROTECTED has been through the information assessment process and has achieved a BIL of 214.

Security classification: CONFIDENTIAL
Basis for the security classification: The security classification of CONFIDENTIAL is used when the compromise of the confidentiality of the information could be expected to cause significant harm/damage to government operations, organisations and individuals. Information marked at CONFIDENTIAL has been through the information assessment process and has achieved a BIL of 315.

Security classification: SECRET
Basis for the security classification: The security classification of SECRET is used when the compromise of the confidentiality of the information could be expected to cause serious harm/damage to government operations, organisations and individuals. Information marked at SECRET has been through the information assessment process and has achieved a BIL of 416.

Security classification: TOP SECRET (PSPF)
The security classification of TOP SECRET is not referenced as an available protective marking for use under the VPDSF. TOP SECRET is reserved for matters requiring the highest degree of protection and for information that has the potential to impact the national interest. For more information on TOP SECRET material, refer to the Commonwealth Protective Security Policy Framework (PSPF).

14 Refer to Chapter 1 (Understanding Information Value), Appendix B (VPDSF BIL table) of this security guide for more information.
15 As above
16 As above

Unclassified information

Unclassified is not recognised as a protective marking and is not to be applied to security classified information. Under the VPDSF, there are two types of Unclassified information:
• Unclassified with a DLM (U/D), and
• Unclassified material without a DLM (U).

UNCLASSIFIED (bearing a DLM)
Unclassified/DLM (U/D) is a description given to information of which compromise to the confidentiality of the material would be expected to cause limited harm or damage.
• Unclassified material assessed at a BIL of 1 must be used in conjunction with a DLM or caveat.
• Information assessed at this level requires a DLM or caveat to be marked on the information.

UNCLASSIFIED (no DLM)
Unclassified without a DLM (U) is a description given to information of which compromise to the confidentiality of the material would not be expected to cause harm or damage.
• Unclassified information has achieved a BIL of zero (0)17, but has not been approved for unlimited public release.
• Information assessed at this level may be labelled UNCLASSIFIED or left unmarked, in accordance with the organisation’s internal policies and procedures.18

Public Domain

PUBLIC DOMAIN (if authorised for unlimited public release)
‘Public Domain’ is not a protective marking. It is a term used to describe material that has been approved for unlimited public release, in accordance with the authorising environment of the originating organisation. Information assessed at this level may be labelled PUBLIC DOMAIN or left unmarked, in accordance with the organisation’s internal policies and procedures.

17 As above
18 It is recommended that organisations consider applying UNCLASSIFIED to their material once it has been formally assessed, to reduce confusion with information that is yet to be assessed or protectively marked.

Non-standard markings

Protective markings outside those established under the VPDSF are considered ‘non-standard markings’.
These markings are prohibited for use within Victorian public sector organisations, as the application of these markings undermines information-sharing and introduces unwarranted complexity when determining what security controls are required to protect the material at a particular level.

Caveats

Caveats indicate that official information has special requirements, in addition to those identified by a DLM or security classification, to further restrict access to the material. Caveats are used in conjunction with the appropriate DLM or security classification and are not stand-alone protective markings. Caveats cannot be applied to ‘Unclassified’ material. Access to caveat material is only available to those who have been appropriately screened and have been briefed about the value of the particular information19.

There are three layers of caveats available:
• Commonwealth level – most commonly found on material relating to information impacting the national interest (national security)20
• Whole of Victoria Government (WoVG) level – authorised caveats only (see table below)
• Organisation specific – internal application and use only

Some organisations may need to use caveats when disseminating information across Victorian Government. The following caveats have been authorised for use within Victorian Government:

Victorian caveat: Eyes Only (EO)
Basis for the caveat: The ‘Eyes Only’ marking indicates that access to information is restricted to certain:
• roles (e.g. Ministers),
• entities (e.g. Independent Broad-based Anti-Corruption Commission), or
• employees engaged in sensitive interagency projects (e.g. highly sensitive joint projects between Victoria Police and Corrections Victoria personnel).
Any information marked ‘Eyes Only’ cannot be passed to or accessed by those who are not listed in the marking.

Victorian caveat: Releasable to
Basis for the caveat: The caveat ‘releasable to’ identifies information that has been released or is releasable to the indicated body or group.

19 Material marked with a caveat is not subject to any policy exceptions. Prior agreement must be sought from the originator if the caveat requires alteration or removal.
20 Refer to the Commonwealth Protective Security Policy Framework (PSPF) for more information on caveats for information impacting the national interest (National Security).

Victorian caveat: Special handling caveat
Basis for the caveat: A special-handling caveat is a collection of various indicators, such as operation codewords, instructions to use particular communications channels and EXCLUSIVE FOR (named person).

Victorian caveat: Accountable material
Basis for the caveat: If strict control over access to, and movement of, particularly sensitive information is required, originators can make this information ‘Accountable Material’. What constitutes ‘Accountable Material’ will vary from organisation to organisation, but could include Budget papers, tender documents and sensitive ministerial briefing documents. Accountable documents are subject to strict conditions, including labelling, individual reference and copy numbers, warnings relating to copy restrictions, transfer, receipting and registration of the material.

Victorian caveat: Organisation specific caveats
Basis for the caveat: Organisation specific caveats can only be used within the agency or body. Official information bearing a caveat that has originated at the organisation level must be re-labelled, or appropriate procedures agreed, before release, transmission or transfer outside the originating agency or body.

Part 5 – Protectively marked material from another organisation

It is essential that users understand and respect the protective marking applied by the originator of the information.
This includes information generated by:
• Local Council/Shire
• State or Territory agency
• Commonwealth department/agencies
• Foreign Government
• Private industry

If an organisation receives information labelled with an unfamiliar protective marking, it should contact the originator of that material, as there may be specific security obligations imposed by that marking.

Commonwealth information
The PSPF includes additional protective markings available for use by Commonwealth departments/agencies. It is unlikely that these protective markings will be used by Victorian public sector organisations; however, on the rare occasion that this may be required, organisations should refer to the PSPF for further information21.

State or Territory information
Where another State or Territory has generated information and applied a protective marking, the marking and any accompanying security measures must be respected by the receiving organisation in Victoria. Appendix D of this security guide provides an outline of the most common protective markings employed by each State and Territory.

Foreign Government information
Where security classified information is provided under a bilateral agreement, foreign government information (FGI) is to be given the equivalent protective marking. For more information, refer to the FGI instructions under the PSPF22.

Private industry
Information produced by a private sector organisation may not bear a protective marking, but it may include a commercial label (e.g. Commercial in Confidence). Recipients of this material should contact the originator of the information to help determine the appropriate protective marking (and clarify if there are any additional security conditions) for the information, once it is transferred into the custody of a Victorian public sector organisation.
21 Examples may include where a Victorian public sector organisation may be dealing with information with the potential to impact the national interest. In these instances, organisations should refer to the requirements set out in the Commonwealth Protective Security Policy Framework (PSPF) – https://www.protectivesecurity.gov.au/
22 As above

Where private industry generates information for a Victorian public sector organisation, it is to refer to the engaging organisation’s protective marking requirements.

Part 6 – Legacy classified information

Official information that has been protectively marked under a former security classification or protective marking scheme23 is now referred to as ‘legacy’ information or ‘legacy classified information’.

Only official information that is being actively used by a Victorian public sector organisation needs to undergo an updated information assessment. This updated assessment will help organisations reclassify the information under the new protective marking scheme of the VPDSF. Chapter 1 – Understanding Information Value of this security guide outlines the information assessment process that organisations are expected to use to determine the likely impact arising from a compromise to the confidentiality, integrity and availability of official information.

Any information that is not being actively used, or that has been archived, does not require a re-assessment under the new protective marking scheme. This information can retain its former security classification or protective marking.

Sample legacy markings may include:
• In-Confidence or X-In-Confidence (including Cabinet-In-Confidence)
• Restricted
• Highly Protected

23 Examples include the Protective Security Manual [PSM] and the Whole of Victorian Government [WoVG] Security Standards.

Chapter 2 Appendix – Protective Markings

Appendix C – Relationship between Protective Markings

[Diagram not reproduced; the elements it shows are listed below.]
• DLMs: For Official Use Only (FOUO); Sensitive: VIC Cabinet; Sensitive: Legal; Sensitive: Personal.
• DLM with a legislative basis: Sensitive ‘XXX’ (to be used where disclosure is limited or prohibited under legislation; replace ‘XXX’ with the relevant secrecy provision or enactment).
• Security classifications: PROTECTED; CONFIDENTIAL; SECRET; TOP SECRET.
• UNCLASSIFIED (bearing a DLM) and UNCLASSIFIED (no DLM).
• PUBLIC DOMAIN (if authorised for unlimited public release): PUBLIC DOMAIN only once the information is authorised for unlimited public release; security classified information must first be declassified.
• CAVEATS.

Appendix D – Common protective markings employed by each State and Territory

Reference table – jurisdictional protective markings

Commonwealth (Cmth)
• Classifications: TOP SECRET; SECRET; CONFIDENTIAL; PROTECTED; UNCLASSIFIED bearing a DLM of:
• Dissemination Limiting Markers (DLMs): Sensitive; Sensitive: Legal; Sensitive: Personal; Sensitive: Cabinet; For Official Use Only
• Other markings: UNCLASSIFIED (bearing no DLM); CAVEATS (refer to PSPF for a full list of available Caveats)

Victoria (VIC)
• Classifications: SECRET; CONFIDENTIAL; PROTECTED; UNCLASSIFIED bearing a DLM of:
• DLMs: Sensitive; Sensitive: Legal; Sensitive: Personal; Sensitive: VIC Cabinet; For Official Use Only
• Other markings: UNCLASSIFIED (bearing no DLM); Public Domain* (*if approved for unlimited public release); CAVEATS (refer to PSPF for a full list of available Caveats)

New South Wales (NSW)
• Classifications: TOP SECRET; SECRET; CONFIDENTIAL; PROTECTED; UNCLASSIFIED bearing a DLM of:
• DLMs: Sensitive; Sensitive: Legal; Sensitive: Personal; Sensitive: NSW Cabinet; For Official Use Only

South Australia (SA)
• Classifications: TOP SECRET; SECRET; CONFIDENTIAL; PROTECTED; UNCLASSIFIED bearing a DLM of:
• DLMs: Sensitive; Sensitive: Legal; Sensitive: Personal; Sensitive: SA Cabinet; For Official Use Only
• Other marking listed beside the NSW and SA rows: PUBLIC

Northern Territory (NT), Western Australia (WA), Queensland (QLD), Australian Capital Territory (ACT) and Tasmania (TAS)
(The column-to-jurisdiction attribution is not recoverable from this copy of the table; the cell contents are:)
• Classification sets: HIGHLY PROTECTED; PROTECTED / TOP SECRET; SECRET; CONFIDENTIAL; HIGHLY PROTECTED; PROTECTED / TOP SECRET; SECRET; CONFIDENTIAL; HIGHLY PROTECTED; PROTECTED; UNCLASSIFIED bearing a DLM of: / TOP SECRET; SECRET; CONFIDENTIAL; PROTECTED; UNCLASSIFIED bearing a DLM of: / HIGHLY PROTECTED; PROTECTED; X-In-Confidence
• DLM sets: Sensitive; Sensitive: Legal; Sensitive: Personal; Sensitive: Cabinet; For Official Use Only (listed twice) / In-Confidence
• Other markings: UNCLASSIFIED (bearing no DLM); CAVEATS (refer to PSPF for a full list of available Caveats) / UNCLASSIFIED (bearing no DLM); PUBLIC
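The marking rules in Part 4 and the BIL-to-marking mapping in Appendix B and Appendix C can be checked mechanically, for instance by a tool that labels documents or email before they leave an organisation. The following is an added example, not code from this guide or from the Office of the Commissioner for Privacy and Data Protection: it takes an assessed BIL, any stacked DLMs and caveats, and either renders a marking or lists every rule the proposed marking breaks. The function names, the single-line ‘ // ’ rendering of stacked markings, the ‘Eyes Only: <who>’ prefix form for caveats, and the refusal of a DLM at BIL 0 are this example’s own assumptions; the rules themselves (FOUO only on Unclassified material, no caveats on Unclassified material, a DLM required at BIL 1, TOP SECRET and non-standard markings not available, declassification before PUBLIC DOMAIN) are the ones stated in this chapter.

```python
"""Compose and validate a VPDSF-style protective marking.

Added example; not code from the VPDSF Information Security Guide or the
Office of the Commissioner for Privacy and Data Protection. It encodes the
rules stated in Chapter 2 and Appendices B and C of the guide. The function
names, the " // " rendering of stacked markings and the "Eyes Only: <who>"
caveat form are this example's own conventions.
"""
from typing import Iterable, List

# Appendix B, PROTECTIVE MARKING category: security classification per BIL.
# BIL 0 and 1 are Unclassified; TOP SECRET is not available under the VPDSF.
CLASSIFICATION_FOR_BIL = {2: "PROTECTED", 3: "CONFIDENTIAL", 4: "SECRET"}

# Part 4: the DLMs used within Victorian Government. "Sensitive: <reference>"
# stands for the "Sensitive: XXX" DLM, where XXX names the secrecy provision.
FIXED_DLMS = {
    "For Official Use Only",
    "Sensitive: Legal",
    "Sensitive: Personal",
    "Sensitive: VIC Cabinet",
}

# Part 4: caveats authorised for use across Victorian Government. A caveat
# string is accepted when it equals one of these or starts with it followed
# by a colon (e.g. "Eyes Only: Ministers", "Releasable to: IBAC").
WOVG_CAVEATS = ("Eyes Only", "Releasable to", "Special handling", "Accountable material")


def is_standard_dlm(dlm: str) -> bool:
    """True for a VPDSF DLM; anything else is a prohibited non-standard marking."""
    if dlm in FIXED_DLMS:
        return True
    # "Sensitive: XXX" must carry the legislative reference, not a blank.
    prefix = "Sensitive: "
    return dlm.startswith(prefix) and dlm[len(prefix):].strip() != ""


def is_standard_caveat(caveat: str) -> bool:
    """True for an authorised WoVG caveat, optionally qualified after a colon."""
    return any(caveat == c or caveat.startswith(c + ":") for c in WOVG_CAVEATS)


def marking_problems(bil: int, dlms: Iterable[str] = (), caveats: Iterable[str] = (),
                     public_release_authorised: bool = False) -> List[str]:
    """Return every rule the proposed marking breaks (an empty list means valid)."""
    dlms, caveats, problems = list(dlms), list(caveats), []
    if bil not in range(5):
        return [f"BIL must be 0..4, got {bil!r} (TOP SECRET is not available under the VPDSF)"]
    for d in dlms:
        if not is_standard_dlm(d):
            problems.append(f"non-standard marking {d!r} is prohibited")
    for c in caveats:
        if not is_standard_caveat(c):
            problems.append(f"caveat {c!r} is not an authorised WoVG caveat")
    if bil >= 2:
        # Security classified material: FOUO is only suitable for Unclassified material.
        if "For Official Use Only" in dlms:
            problems.append("'For Official Use Only' must not be applied to security classified information")
    elif caveats:
        # BIL 0 and 1 are Unclassified, and caveats cannot be applied to Unclassified material.
        problems.append("caveats cannot be applied to Unclassified material")
    if bil == 1 and not dlms:
        problems.append("Unclassified material assessed at BIL 1 must bear a DLM")
    if bil == 0 and dlms:
        # This example's interpretation: Appendix B lists no DLM options at BIL 0.
        problems.append("a DLM signals at least limited harm; information needing one is assessed at BIL 1")
    if public_release_authorised and bil != 0:
        problems.append("information must first be declassified before it can be PUBLIC DOMAIN")
    return problems


def compose_marking(bil: int, dlms: Iterable[str] = (), caveats: Iterable[str] = (),
                    public_release_authorised: bool = False) -> str:
    """Render the marking line, or raise ValueError listing every broken rule."""
    dlms, caveats = list(dlms), list(caveats)
    problems = marking_problems(bil, dlms, caveats, public_release_authorised)
    if problems:
        raise ValueError("; ".join(problems))
    if bil == 0:
        return "PUBLIC DOMAIN" if public_release_authorised else "UNCLASSIFIED"
    # Classification (or UNCLASSIFIED at BIL 1), then each stacked DLM in the
    # order supplied, then any caveats.
    parts = [CLASSIFICATION_FOR_BIL.get(bil, "UNCLASSIFIED")] + dlms + caveats
    return " // ".join(parts)


if __name__ == "__main__":
    print(compose_marking(2, ["Sensitive: Legal"]))
    print(compose_marking(1, ["For Official Use Only"]))
    print(marking_problems(2, ["For Official Use Only"], ["Eyes Only: Ministers"]))
```

marking_problems returns the full list of broken rules rather than a single boolean, so a labelling tool can show the user exactly why a marking was refused (for example FOUO stacked on PROTECTED, or a caveat on Unclassified material) instead of silently dropping the marking.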