Protecting online information from unauthorised access and alteration
Online government transactions are subject to the same legislative and regulatory requirements, and community expectations, as business information created by any other means. Your agency needs to safeguard the confidentiality, integrity and availability of the online business information so that information cannot be inappropriately altered, deleted, misplaced or accessed by unauthorised personnel.
Measures to protect your online business information include:
- assessing the security and privacy risks related to the management of online business information
- identifying records that should be created and captured as a result of your agency's online activities
- assigning and documenting responsibilities for capturing records of online activities into your agency's business systems
- online security solutions such as data encryption, use of digital certificates and passwords or passphrases for the authentication of external clients
- maintaining and updating relevant encryption keys
- preserving relevant records in a usable and accessible form for long term storage
- declassifying or downgrading records when protection is no longer needed
- ensuring business systems capturing records of online activities comply with the international standard for software systems designed to manage records, ISO 16175:2011

Relevant frameworks, guidance and standards include:
- Cyber Security Strategy provides the framework to ensure that personal and business information provided online to government is protected and that online government services are available when needed.
- Guide to securing personal information details the steps agencies are required to take under the Privacy Act 1988 to protect the holdings of personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure.
- National e-Authentication Framework (NeAF) assists agencies with the authentication of external clients to a desired level of assurance or confidence. The NeAF encompasses the electronic authentication (e-authentication) of the identity of individuals and businesses dealing with the government, on one side of the transaction, as well as the authentication of government websites on the other side.
- ISO 16175:2011 Principles and Functional Requirements for Records in Electronic Office Environments provides internationally agreed principles and functional requirements for software used to create and manage digital information in office environments.