Information & Communication Technology: system security
Information and communication technology (ICT) security measures are necessary to protect confidential information from unauthorized use, modification, loss or release. Organizations install system security to ensure data privacy and confidentiality in an organization.
System Security
Organizations also need to implement security policies as a form of administrative control. In fact, these policies should really be a starting point in developing an overall system security. Additionally, good information-security policy lays out the guidelines for employee use of the information resources of the company. Consequently, it provides the company recourse in the case that an employee violates a policy.
The following three key elements of an effective Information Communication Technology security system include:
- Monitoring and controlling access to confidential information
- Safe transmission of data
- Secure storage and disposal of data
Monitoring and controlling access to confidential information
A fundamental principle of protective security system is to ensure access to information that the government holds in trust is on a need-to-know basis only. Australian Government Protective Security Policy Framework outlines a number of technical security measures. These measures monitor and control access to confidential information. In addition, the following Commonwealth data measures apply for all data integration projects that:
- Assignment of unique personal identification code and a secure means of authentication for system access.
- User accounts, access rights and security authorizations managed through an accountable system or records management process.
- Protocols that ensure access rights are not shared with or provided to others.
- Audit trails that include date and user identification to track and monitor access to systems and data and how they are used.
- Control mechanisms to prevent unauthorized access, deletion, modification, duplication, printing or transmission of files.
- Systems maintenance plans that provide adequate ongoing resources for security upgrades.
Safe transmission of data
The safe transmission of data, including source data, linkage keys, as well as that associated with remote or electronic access to integrated datasets, is a primary consideration for data integration projects. The following security system measures for the transmission of data are essential for all data linkage projects:
- A secure internet gateway. Australian Signals Directorate should annually review high risk projects gateway .
- Encryption of all electronic data transfer to restrict access to information to authorized users and prevent deciphering of intercepted information. In addition, Electronic data transfer should only occur where there is a secure internet gateway.
- Use of a courier, if there are technical, security or other reasons that restrict the transfer of data electronically. further, disc or other media medium information should be encrypted.
Secure storage and disposal of data
Australian government holds trust of integrated data security, storage and disposal. However, there are some additional considerations that apply for data integration projects in managing linkage keys and the confidentiality of the combined data. The integrating authority is responsible for the ongoing storage or destruction of the integrated dataset.