8: Security and Web 2.0
Provide guidance to agencies on the appropriate mitigation treatments that could be adopted to address concerns or exposures
identified in relation to the use of social networking and related tools.
Other Information:
The Defence Signals Directorate (DSD) should provide guidance to agencies on the appropriate mitigation treatments that could
be adopted to address concerns or exposures identified in relation to the use of social networking and related tools. This
guidance is to take into consideration the different environments that agencies operate in, the varying risk profiles that
exist and the range of tools that may be used. DSD should update the Information Security Manual (ISM) accordingly. The lead
agency, in conjunction with DSD, should develop a Better Practice Guide (or “how-to guide”) to assist agencies in the effective,
efficient and secure use of Web 2.0 tools and in undertaking the associated risk assessment. Sensitive and National Security
data requires special consideration in the context of PSI. To ensure consistency between PSI arrangements in the future and
the proposed changes to the FOI Act, the proposed new Office of the Information Commissioner should provide advice to agencies
in relation to the treatment of PSI to enable its broadest possible release. Consistent with good practice, and the requirements
of the Protective Security Manual (PSM), agencies must avoid the over-classification of data so as to limit the need to review
or pre-process data to enable its release.
Objective(s):