User Manual
Introduction
The Information Security Regulation presents the minimum requirements for information security controls and is applicable to all Government Entities, including but not limited to employees, consultants, contractors and visitors who are not employed by the government but are engaged with it through various means. Furthermore the regulation applies to any government information regardless of its type and medium (e.g. Printed, Electronic and Non Electronic Verbal, Written, etc.), therefore, Government Entities are expected to implement this regulation in their entire entity and not to limit it to Information Technology (IT) divisions/departments only.
The scope of the government information assets must consider all the information processing facilities and components, which may include the following components or few of them:
Storage (electronics storage device; logical and physical, paper documents, etc.)
Infrastructure (hardware, applications, networks, etc.)
Organizational (processes, policies, etc.)
Personnel (administrators, employees, visitors, etc.)
Information Security Regulations (ISR)
We considers information, business process, and information systems among its most critical business assets, which require protection from unauthorized access, modification, disclosure or destruction.
The information Security Regulation is broken down into twelve domains. Each domain takes into
consideration one or more major classes of information security: Governance, Operation, and Assurance.
The Governance domains set high-level requirements for structuring and managing information security.
The Operation domains are technical or non-technical solutions an entity may use depending on the results of their risk assessment study. The Assurance domains act as the quality assurance for the entity,
ensuring that the implemented solution is working as intended. We are therefore committed to protect all our information assets against all threats, actual or potential, internal or external, deliberate or not.
In line with this, we also support and comply with the Information Security Regulation (ISR) pursuant to Executive Council about Government Information Security Regulation as stated earlier. The Information Security Steering Committee, in various capacities, responsible for maintaining the policies & procedures and providing support and advice during the implementation. All managers are also directly responsible for the implementation of the following Information Security
Domains policies and procedures. And ensuring mandatory compliance by employees concerned in their respective departments and external parties they deal with.
Information Security Regulation Structure
The information Security Regulation is broken down into twelve domains. Each domain takes into consideration one or more major classes of information security: Governance, Operation, and Assurance.
The Governance domains set high-level requirements for structuring and managing information security.
The Operation domains are technical and/or non-technical solutions an entity may use depending on the results of their risk. The Assurance domains act as the quality assurance for the entity, ensuring that the implemented solution is working as intended.
Thanks for Read,
Please "SHARE" our post that your friends can read and learn and "COMMENT" us so that we can make our blog beautiful.
Please Follow us.
Facebook Profile
Google+
facebook Page
Youtube
No comments:
Post a Comment