Information Security
Your responsibilities as a
Government of Canada employee
AT THE END OF THIS MODULE YOU WILL:
• Be aware of your responsibilities with respect to
information security.
• Be able to decide what protection or classification is
appropriate for your information.
• Understand how to mark sensitive documents.
• Be able to make appropriate choices for the storage of
sensitive materials.
• Know the appropriate methods of communication and
destruction of sensitive materials.
• Understand the importance of removing or changing
the level of protection or classification of information.
GENERAL RESPONSIBILITIES
• You must apply diligence and due care during
the:
– Creation or collection of sensitive
information;
– Use, distribution, storage and retention of
sensitive information;
– Declassification/change in classification or
protection of sensitive information;
– Disposal or destruction of sensitive
information.
IN OTHER WORDS…
You must apply diligence and due care during the entire life cycle of sensitive information.
– Establish sensitivity at point of creation
– Use, distribute, share, store and retain
– Remember to change classification / protection when appropriate
– Choose disposal method appropriate to sensitive material
SPECIFIC RESPONSIBILITIES
As the originator, or recipient, of sensitive documents you must:
1. Decide what level of protection or classification is
appropriate;
2. Mark the document(s) from draft to completion;
3. Ensure documents are processed and stored according to
the level of protection or classification assigned;
4. Distribute the information to others who are appropriately
screened and on a need to know, need to access basis;
5. Remove or change the level of protection/classification of
information when required;
6. Ensure the appropriate destruction of sensitive documents.
Responsibility #1
Deciding what level of protection or
classification is appropriate
SECURITY CATEGORIES
There are two main security categories that you
would apply, based on a document’s content:
Protected
• Protected C
• Protected B
• Protected A
Classified
• Top Secret
• Secret
• Confidential
CLASSIFIED
Classified refers to information that, if compromised, may cause injury to the national interest.
This information could cause injury to the country.
PROTECTED
Protected refers to information that is not related to the national interest, but if compromised, may cause injury to private or other non-national interests.
This information could cause injury to an individual or to a company.
CLASSIFIED
This information could cause injury to the country.
• Top Secret: extremely sensitive information related to international affairs, law enforcement investigations and intelligence matters (cause exceptionally grave injury)
• Secret: trade talks, minutes and memos to cabinet, enterprise planning, departmental input to national budget, draft legislation (cause serious injury)
• Confidential: international affairs, administrative plans, audits, negotiations between departments and partners (cause injury)
PROTECTED
This information could cause injury to an individual or to a company.
• Protected C: information about police agents and other informants (cause life threatening and/or extremely grave injury)
• Protected B: law enforcement and medical records, personnel evaluations and investigations, financial records, solicitor-client confidence (particularly sensitive, cause serious injury)
• Protected A: home addresses, dates of birth, SIN numbers, other personal information (low-sensitivity, could cause injury)
Responsibility #2
Marking your sensitive documents
from draft to completion.
MARKING SENSITIVE DOCUMENTS
1. You need to mark sensitive information at the
time it is created or collected.
2. You need to mark all material used in
preparing sensitive documents.
3. When marking you need to include, where appropriate:
– The sensitivity level (CAPS);
– The date of creation; and
– The date or event when automatic removal of designation or change in the protection of information is to occur.
Example marking:
SECRET
Created: Dec. 4, 1989
Declassify: Dec. 4, 2009
Note: Top Secret documents require a copy number and an indication of the total number of copies (e.g. copy 1 of 6). All pages should be numbered and the total number of pages shown on all pages (e.g. 1 of 3).
4. Indicate who may, or may not, have access to
the document. Access should be on a need to
know basis.
5. When you create cover letters or transmittal
forms you must indicate the highest level of
sensitivity of all of the attachments.
At the OIC, use annex B of the IM
Manual: Managing Sensitive
Records.
REVIEW: MARKING SENSITIVE DOCUMENTS
1. Mark sensitive information at the time it is created or collected.
2. Mark all material used in preparing sensitive documents.
3. Markings are to include, where appropriate:
– The sensitivity level;
– The date of creation;
– The date or event when automatic removal of designation or change in the protection of information is to occur.
4. Indicate who may, or may not, have access to the document.
5. Cover letters or transmittal forms must indicate the highest level of sensitivity of the attachments.
Don’t forget to mark electronic media!
MARKING ELECTRONIC MEDIA
You should clearly record on the surface of electronic
media, the following information:
– Name of the organization
– Highest level of designation or protection
– Subject of the documents
– Team the documents belong to
– Custodian’s name.
Responsibility #3
Ensuring that documents are processed
and stored according to the level of
classification or protection assigned
ELECTRONIC PROCESSING OF SENSITIVE MATERIALS
Non-Sensitive
Process, email, print
• Network PC
• Stand-alone PC
• Laptop
• Blackberry/cell
Protected A
Process, email, print
• Network PC
• Stand-alone PC
• Laptop
Protected B
Process, email, print
• Network PC
• Email (PKI only)
• Stand-alone PC
• Laptop
Protected C
Process, print (no email)
• Stand-alone PC or Laptop
Confidential
Process, print (no email)
• Stand-alone PC or Laptop
Secret
Process, print (no email)
• Stand-alone PC or Laptop
Top Secret
Process, print (no email)
• Stand-alone PC or Laptop
STORING ELECTRONIC SENSITIVE MATERIALS
Non-sensitive
• RDIMS
• Shared drive
• Hard drive
• Removable media, e.g., CD, jump drive
Protected A
• RDIMS
• Shared drive (limit access)
• Removable media, e.g., CD, jump drive (labeled and locked in an approved container, when not in use)
Protected B
• RDIMS
• Shared drive (limit access)
• Removable media, e.g., CD, jump drive (labeled and locked in an approved container, when not in use)
Protected C
• Removable media, e.g., CD, jump drive (labeled and locked in an approved container, when not in use)
Confidential
• Removable media, e.g., CD, jump drive (labeled and locked in an approved container, when not in use)
Secret
• Removable media, e.g., CD, jump drive (labeled and locked in an approved container, when not in use)
Top Secret
• Removable media, e.g., CD, jump drive (labeled and locked in an approved container, when not in use)
STORING NON-ELECTRONIC CLASSIFIED OR PROTECTED MATERIAL
Protected A
• Approved security container, e.g., cabinet with an approved lock in an operational zone
Protected B
• Approved security container, e.g., cabinet with an integrated lock in an operational zone
Protected C
• Approved security container, e.g., cabinet with an integrated lock in an approved security zone (enclosed office or room with a door that can be locked)
Confidential
• Approved security container, e.g., cabinet with an integrated lock in an operational zone
Secret
• Dial safe in an approved security zone
Top Secret
• Dial safe in an approved security zone
Responsibility #4
Distribute sensitive information to others
on a need to know, need to access basis
DISTRIBUTION OF SENSITIVE
DOCUMENTS
Access Criteria:
– Recipients have a requirement to know;
– Recipients hold an appropriate security
clearance.
It is your responsibility to verify that the
recipient of your sensitive document meets
access criteria.
COMMUNICATION MODES FOR SENSITIVE DOCUMENTS
Non-sensitive
• Regular phone and fax
• Email
• Blackberry and cell phone
Protected A
• Regular phone and fax
• Email
Protected B
• Regular phone and fax
• Email (PKI only)
Protected C
• Regular phone
• Secure fax
(No email)
Confidential
• Secure phone
• Secure fax
(No email)
Secret
• Secure phone
• Secure fax
(No email)
Top Secret
• Secure phone
• Secure fax
(No email)
TRANSMITTAL OF SENSITIVE DOCUMENTS
Paper documents that are sensitive should be handled with
discretion and common sense applying such principles as:
– Markings and caveats should be used to caution others
about the sensitivity of the material;
– Mail should be addressed “to be opened only by…”;
– Double envelope with security markings on inner
envelope only – for Secret, Top Secret and Protected C;
– Phone ahead when sending sensitive faxes.
OIC NETWORK
Information with a designation higher than
Protected B should not be sent via email,
saved on network shared drives or in RDIMS.
Note: Protected B information can be sent over the network using PKI.
Responsibility #5
Removing or changing the level
of protection or classification of
information when required
DECLASSIFICATION VERSUS DOWNGRADING
Declassification: removal of sensitivity rating
Downgrading: reducing level of sensitivity rating (e.g. from Secret to Confidential)
DECLASSIFICATION AND DOWNGRADING
• Protected information will lose its sensitivity:
– over time; or
– with the occurrence of specific events (e.g. scientific data
when published loses its protected status).
• Declassification or downgrading can be effected through:
– date or special event triggers;
– an automatic expiry date; (Note: automatic expiry does not
apply to Top Secret or Protected C)
– originating authors;
– managers (in originating office).
• You should systematically review your sensitive materials with the
intent of declassifying or downgrading them as appropriate.
Responsibility #6
Ensure the appropriate destruction
of sensitive documents
DESTRUCTION OF SENSITIVE DOCUMENTS
Protected A
• Paper: Classified waste disposal or destroy in approved cross-cut shredder
• Electronic: Delete from media
Protected B
• Paper: Classified waste disposal or destroy in approved cross-cut shredder
• Electronic: Delete from media and re-format drive
Protected C
• Paper: Classified waste disposal or destroy in approved cross-cut shredder
• Electronic: Degauss media
Confidential, Secret, Top Secret
• Paper: Destroy in approved cross-cut shredder
• Electronic: Degauss and physically destroy media
Degauss: A process by which a computer hard drive is unformatted by randomly scrambling the bits on the drive
REVIEW: INFORMATION SECURITY
As the originator of sensitive documents or the recipient of sensitive
documents sent by the public, you must:
1. Decide what level of protection or classification is
appropriate;
2. Mark the document(s) from draft to completion;
3. Ensure documents are processed and stored according to
the level of protection or classification assigned;
4. Distribute the information to others who are appropriately
screened and on a need to know, need to access basis;
5. Remove or change the level of protection and classification
of information when required;
6. Ensure the appropriate destruction of sensitive documents.
In closing…
Some guiding principles
of information security
GUIDING PRINCIPLES OF INFORMATION
SECURITY:
• Security classification flows with the information:
– Originator decides on level of security;
– Receiver must accept the assigned classification.
– Note: Information received from the public must
be assessed and assigned either a protected or
classified level where appropriate.
• When incorporating information into existing
classified/protected documents or other media –
ensure that the new document is also classified at
the level of the highest document in the file or
storage device.
• A package of information is “marked” based on
the document with the highest classification.
• Sensitive information should be reviewed
periodically with the intent of “declassifying” or
“downgrading” when appropriate.
• Over-classification must be avoided – it is costly
and it minimizes the potential uses of the
information.
CONGRATULATIONS!
• You have just completed Information Security – an IM self-study module.
• You may now:
– Test your knowledge with the following quiz.
– Review other IM self-study modules in this series:
  • Information Management 101
  • Managing Email Effectively
  • Records Management and You!
  • IM and the Departing Employee
  • Privacy and Personal Information – What Canadians Expect
  • Understanding IM Within the Federal Government

 
Garments ERP Software in Bangladesh _ Pridesys IT Ltd.pdf
Garments ERP Software in Bangladesh _ Pridesys IT Ltd.pdfGarments ERP Software in Bangladesh _ Pridesys IT Ltd.pdf
Garments ERP Software in Bangladesh _ Pridesys IT Ltd.pdf
 
The Genesis of BriansClub.cm Famous Dark WEb Platform
The Genesis of BriansClub.cm Famous Dark WEb PlatformThe Genesis of BriansClub.cm Famous Dark WEb Platform
The Genesis of BriansClub.cm Famous Dark WEb Platform
 
Best Competitive Marble Pricing in Dubai - ☎ 9928909666
Best Competitive Marble Pricing in Dubai - ☎ 9928909666Best Competitive Marble Pricing in Dubai - ☎ 9928909666
Best Competitive Marble Pricing in Dubai - ☎ 9928909666
 

Information Security

  • 2. Your responsibilities as a Government of Canada employee
  • 3. AT THE END OF THIS MODULE YOU WILL: • Be aware of your responsibilities with respect to information security. • Be able to decide what protection or classification is appropriate for your information. • Understand how to mark sensitive documents. • Be able to make appropriate choices for the storage of sensitive materials. • Know the appropriate methods of communication and destruction of sensitive materials. • Understand the importance of removing or changing the level of protection or classification of information.
  • 4. GENERAL RESPONSIBILITIES • You must apply diligence and due care during the: – Creation or collection of sensitive information; – Use, distribution, storage and retention of sensitive information; – Declassification/change in classification or protection of sensitive information; – Disposal or destruction of sensitive information.
  • 5. IN OTHER WORDS… You must apply diligence and due care during the entire life cycle of sensitive information: – Establish sensitivity at point of creation; – Use, distribute, share, store and retain; – Remember to change classification / protection when appropriate; – Choose disposal method appropriate to sensitive material.
  • 6. SPECIFIC RESPONSIBILITIES As the originator, or recipient, of sensitive documents you must: 1. Decide what level of protection or classification is appropriate; 2. Mark the document(s) from draft to completion; 3. Ensure documents are processed and stored according to the level of protection or classification assigned; 4. Distribute the information to others who are appropriately screened and on a need to know, need to access basis; 5. Remove or change the level of protection/classification of information when required; 6. Ensure the appropriate destruction of sensitive documents.
  • 7. Responsibility #1 Deciding what level of protection or classification is appropriate
  • 8. SECURITY CATEGORIES There are two main security categories that you would apply, based on a document’s content: Protected • Protected C • Protected B • Protected A Classified • Top Secret • Secret • Confidential
  • 9. CLASSIFIED / PROTECTED
      – Classified refers to information that, if compromised, may cause injury to the national interest. This information could cause injury to the country.
      – Protected refers to information that is not related to the national interest, but if compromised, may cause injury to private or other non-national interests. This information could cause injury to an individual or to a company.
  • 10. CLASSIFIED / PROTECTED
      CLASSIFIED (this information could cause injury to the country):
      – Top Secret: extremely sensitive information related to international affairs, law enforcement investigations and intelligence matters (cause exceptionally grave injury)
      – Secret: trade talks, minutes and memos to cabinet, enterprise planning, departmental input to national budget, draft legislation (cause serious injury)
      – Confidential: international affairs, administrative plans, audits, negotiations between departments and partners (cause injury)
      PROTECTED (this information could cause injury to an individual or to a company):
      – Protected C: information about police agents and other informants (cause life threatening and/or extremely grave injury)
      – Protected B: law enforcement and medical records, personnel evaluations and investigations, financial records, solicitor-client confidence (particularly sensitive, cause serious injury)
      – Protected A: home addresses, dates of birth, SIN numbers, other personal information (low-sensitivity, could cause injury)
  • 11. Responsibility #2 Marking your sensitive documents from draft to completion.
  • 12. MARKING SENSITIVE DOCUMENTS 1. You need to mark sensitive information at the time it is created or collected.
  • 13. MARKING SENSITIVE DOCUMENTS 2. You need to mark all material used in preparing sensitive documents.
  • 14. MARKING SENSITIVE DOCUMENTS 3. When marking you need to include, where appropriate: – The sensitivity level (CAPS); – The date of creation; and – The date or event when automatic removal of designation or change in the protection of information is to occur. Note: Top Secret documents require a copy number and an indication of the total number of copies (e.g. copy 1 of 6). All pages should be numbered and the total number of pages shown on all pages (e.g. 1 of 3). Example marking: SECRET; Created: Dec. 4, 1989; Declassify: Dec. 4, 2009
  • 15. MARKING SENSITIVE DOCUMENTS 4. Indicate who may, or may not, have access to the document. Access should be on a need to know basis. 5. When you create cover letters or transmittal forms you must indicate the highest level of sensitivity of all of the attachments.
  • 16. At the OIC, use annex B of the IM Manual: Managing Sensitive Records.
  • 17. REVIEW: MARKING SENSITIVE DOCUMENTS 1. Mark sensitive information at the time it is created or collected. 2. Mark all material used in preparing sensitive documents. 3. Markings are to include, where appropriate: – The sensitivity level; – The date of creation; – The date or event when automatic removal of designation or change in the protection of information is to occur. 4. Indicate who may, or may not, have access to the document. 5. Cover letters or transmittal forms must indicate the highest level of sensitivity of the attachments.
  • 18. Don’t forget to mark electronic media!
  • 19. MARKING ELECTRONIC MEDIA You should clearly record on the surface of electronic media, the following information: – Name of the organization – Highest level of designation or protection – Subject of the documents – Team the documents belong to – Custodian’s name.
  • 20. Responsibility #3 Ensuring that documents are processed and stored according to the level of classification or protection assigned
  • 21. ELECTRONIC PROCESSING OF SENSITIVE MATERIALS
      – Non-Sensitive: Process, email, print. Network PC; Stand-alone PC; Laptop; Blackberry/cell
      – Protected A: Process, email, print. Network PC; Stand-alone PC; Laptop
      – Protected B: Process, email, print. Network PC; Email (PKI only); Stand-alone PC; Laptop
      – Protected C: Process, print (no email). Stand-alone PC or Laptop
      – Confidential: Process, print (no email). Stand-alone PC or Laptop
      – Secret: Process, print (no email). Stand-alone PC or Laptop
      – Top Secret: Process, print (no email). Stand-alone PC or Laptop
  • 22. STORING ELECTRONIC SENSITIVE MATERIALS
      – Non-sensitive: RDIMS; Shared drive; Hard drive; Removable media, e.g., CD, jump drive
      – Protected A: RDIMS; Shared drive (limit access); Removable media, e.g., CD, jump drive (labeled and locked in an approved container, when not in use)
      – Protected B: RDIMS; Shared drive (limit access); Removable media, e.g., CD, jump drive (labeled and locked in an approved container, when not in use)
      – Protected C: Removable media, e.g., CD, jump drive (labeled and locked in an approved container, when not in use)
      – Confidential: Removable media, e.g., CD, jump drive (labeled and locked in an approved container, when not in use)
      – Secret: Removable media, e.g., CD, jump drive (labeled and locked in an approved container, when not in use)
      – Top Secret: Removable media, e.g., CD, jump drive (labeled and locked in an approved container, when not in use)
  • 23. STORING NON-ELECTRONIC CLASSIFIED OR PROTECTED MATERIAL
      – Protected A: Approved security container, e.g., cabinet with an approved lock in an operational zone
      – Protected B: Approved security container, e.g., cabinet with an integrated lock in an operational zone
      – Protected C: Approved security container, e.g., cabinet with an integrated lock in an approved security zone (enclosed office or room with a door that can be locked)
      – Confidential: Approved security container, e.g., cabinet with an integrated lock in an operational zone
      – Secret: Dial safe in an approved security zone
      – Top Secret: Dial safe in an approved security zone
  • 24. Responsibility #4 Distribute sensitive information to others on a need to know, need to access basis
  • 25. DISTRIBUTION OF SENSITIVE DOCUMENTS Access Criteria: – Recipients have a requirement to know; – Recipients hold an appropriate security clearance. It is your responsibility to verify that the recipient of your sensitive document meets access criteria.
  • 26. COMMUNICATION MODES FOR SENSITIVE DOCUMENTS
      – Non-sensitive: Regular phone and fax; Email; Blackberry and cell phone
      – Protected A: Regular phone and fax; Email
      – Protected B: Regular phone and fax; Email (PKI only)
      – Protected C: Regular phone; Secure fax (No email)
      – Confidential: Secure phone; Secure fax (No email)
      – Secret: Secure phone; Secure fax (No email)
      – Top Secret: Secure phone; Secure fax (No email)
  • 27. TRANSMITTAL OF SENSITIVE DOCUMENTS Paper documents that are sensitive should be handled with discretion and common sense applying such principles as: – Markings and caveats should be used to caution others about the sensitivity of the material; – Mail should be addressed “to be opened only by…”; – Double envelope with security markings on inner envelope only – for Secret, Top Secret and Protected C; – Phone ahead when sending sensitive faxes.
  • 28. OIC NETWORK Information with a designation higher than Protected B should not be sent via email, saved on network shared drives or in RDIMS. Note: Protected B information can be sent over the network using PKI.
  • 29. Responsibility #5 Removing or changing the level of protection or classification of information when required
  • 30. DECLASSIFICATION VERSUS DOWNGRADING Declassification: removal of sensitivity rating. Downgrading: reducing level of sensitivity rating (e.g. from Secret to Confidential).
  • 31. DECLASSIFICATION AND DOWNGRADING • Protected information will lose its sensitivity: – over time; or – with the occurrence of specific events (e.g. scientific data when published loses its protected status). • Declassification or downgrading can be effected through: – date or special event triggers; – an automatic expiry date; (Note: automatic expiry does not apply to Top Secret or Protected C) – originating authors; – managers (in originating office). • You should systematically review your sensitive materials with the intent of declassifying or downgrading them as appropriate.
  • 32. Responsibility #6 Ensure the appropriate destruction of sensitive documents
  • 33. DESTRUCTION OF SENSITIVE DOCUMENTS
      – Protected A: Paper: classified waste disposal or destroy in approved cross-cut shredder. Electronic: delete from media.
      – Protected B: Paper: classified waste disposal or destroy in approved cross-cut shredder. Electronic: delete from media and re-format drive.
      – Protected C: Paper: classified waste disposal or destroy in approved cross-cut shredder. Electronic: degauss media.
      – Confidential, Secret, Top Secret: Paper: destroy in approved cross-cut shredder. Electronic: degauss and physically destroy media.
      Degauss: A process by which a computer hard drive is unformatted by randomly scrambling the bits on the drive.
  • 34. REVIEW: INFORMATION SECURITY As the originator of sensitive documents or the recipient of sensitive documents sent by the public, you must: 1. Decide what level of protection or classification is appropriate; 2. Mark the document(s) from draft to completion; 3. Ensure documents are processed and stored according to the level of protection or classification assigned; 4. Distribute the information to others who are appropriately screened and on a need to know, need to access basis; 5. Remove or change the level of protection and classification of information when required; 6. Ensure the appropriate destruction of sensitive documents.
  • 35. In closing… Some guiding principles of information security
  • 36. GUIDING PRINCIPLES OF INFORMATION SECURITY: • Security classification flows with the information: – Originator decides on level of security; – Receiver must accept the assigned classification. – Note: Information received from the public must be assessed and assigned either a protected or classified level where appropriate. • When incorporating information into existing classified/protected documents or other media – ensure that the new document is also classified at the level of the highest document in the file or storage device.
  • 37. GUIDING PRINCIPLES OF INFORMATION SECURITY: • A package of information is “marked” based on the document with the highest classification. • Sensitive information should be reviewed periodically with the intent of “declassifying” or “downgrading” when appropriate. • Over-classification must be avoided – it is costly and it minimizes the potential uses of the information.
  • 38. CONGRATULATIONS! You have just completed Information Security – an IM self-study module. You may now: – Test your knowledge with the following quiz. – Review other IM self-study modules in this series: Information Management 101; Managing Email Effectively; Records Management and You!; IM and the Departing Employee; Privacy and Personal Information – What Canadians Expect; Understanding IM Within the Federal Government.