ISfL Protective Marking methodology

ISfL Protective Marking methodology. July 2010. Local Government Data Handling Guidelines. Ensure all staff are trained, updated and aware of their responsibilities. Undertake regular risk reviews of all processes and procedures.


Presentation Transcript


  1. ISfL Protective Marking methodology, July 2010

  2. Local Government Data Handling Guidelines
     • Ensure all staff are trained, updated and aware of their responsibilities
     • Undertake regular risk reviews of all processes and procedures
     • Ensure all key information assets are classified and are resilient

  3. Code of Connection
     • 3.2: Employees of the organisation who handle information carrying a protective marking of RESTRICTED MUST be made aware of the impact of loss of such material and the actions to take in the event of any loss.
     • 4.1: The mail client or user adds security labels to each email that carries a protective marking of PROTECT or higher.

  4. The problem
     • Requires specialist knowledge
     • Tendency to over classify
     • Perceived as an onerous task by the business
     • Divorced from handling
     • Impact assessment – scale too large

  5. HMG Infosec Standard No. 1 - Business Impact Table
     • Impact on life and safety
     • Impact on political stability
     • Impact on military operations
     • Impact on foreign relations
     • Impact on intelligence operations

  6. ISfL methodology
     • Based on content
     • Platinum, Gold and Silver
     • Threshold scores
     • Allows scaling in PROTECT [P1, P2]
     • Flexibility to review
     • Does not require specialist knowledge

  7. ISfL methodology – Gold = 3 points
     • Name
     • Address
     • DOB
     • National identifier e.g. NI number, NHS number, Passport number, Driving licence
     • Individual bank or financial details
     • Police record or Community Safety client
     • Record of benefits [DWP or LA]
     • Case event e.g. referral, assessment, investigation, planning or review of services
     • Corporate financial details that will not form part of public documents or records

  8. ISfL methodology – Silver = 2 points
     • S1 Photograph of person
     • S2 Employment details
     • S3 In receipt of specific personal council services e.g. home care
     • S4 Legal documents including tenancy agreements, commercial contract or property details
     • S5 Trading standards investigations and reports
     • S6 Telephone number and/or email address
     • S7 Corporate financial details prior to them forming part of public documents or records
     • S8 Marital status or sexual orientation if not recorded in G8

  9. Current status
     • Discussions with CESG
     • Internal ISfL discussions
     • Bromley undertaking PoC with version 2
     • Data handling guide being produced

  10. Issues
     • One system as long as it is mine
     • Threshold score
     • All starting from a different point
     • What is the difference in handling?
     • Purist v Pragmatist
