mast03.gif (14245 bytes)
A Publication Featuring The Information Services Technology of Maine State Government

Volume VII, Issue 6

June 2004

What Is All The Talk of Security?

In December 2002, the Information Services Policy Board adopted a uniform set of information technology security policies, standards and general guidelines for every state department, agency, board, bureau, commission, and authority. These policies are intended to raise awareness of potential risk associated with security breaches.

Although the first thought is that the policy only pertains to technology systems, this is not necessarily the policy’s intent. The State of Maine’s policy was based upon the ISO17799 security standards (International Security Standards). This document is a "comprehensive set of controls comprising best practices in information security". "The ISO 17799 was developed to serve as a single reference point for identifying a range of controls needed for most situations where information systems are used in industry and commerce"

Each State of Maine agency will be responsible for developing a detailed policy plan to meet the security policies and standards. The plan will be a guide for agencies to perform and be measured against. Most agencies have identified an individual or group to work on the final plan, which is due to the Chief Information Officer by September 2004.

As a reminder of how important information security is and what it really encompasses, a few items are listed below:

E-mail Security is significant to any organization and having firewalls and anti-virus programs in place are a must. Employees should not:

transmit confidential or sensitive information or
open e-mails or attached files without ensuring the content is genuine.

Employees should also be aware of their agencies policies and practices with regard to saving, storing, and archiving of e-mail.

Information Security Coordination Each agency will have an appointed Information Security Officer, who is responsible for formulation, review, and approval of security procedures, oversight into investigations of computer security related incidents, development and testing of Business Continuity and Disaster Recovery planning, and oversight of business issues regarding information technology security initiatives.

Risk is the possibility of suffering harm or loss. With regards to information, risk includes the possibility of suffering a loss of any kind, due to disclosure, destruction, modification, or denial of access. A risk that occurs can violate the confidentiality, integrity, or availability of information.

Please look for more Customer Service articles regarding Information Security over the next few months. Ginnie Ricker has been tasked as Project Manager for the Department of Administrative and Financial Services’ Information Technology Security Policy Project. She may be reached with questions by e-mailing ginnie.ricker@maine.gov.

[ Up ] [ 3-D Graphic Imagery Increases Success of Public Involvement Process ] [ A Leaf on the Branch of a Tree… ] [ Audio and Web Conferencing Less Travel, More Productivity ] [ Challenge for June ] [ Distance Delivery and Learning – How Might It Be Used? ] [ From Our Readers ] [ From the Editor ] [ GIS Common Editing Environment ] [ How to Make Better Decisions ] [ june2004/JUNE04_MIST.pdf ] [ NexTalk ] [ Volunteer Service Sites Update Their Look and Accessibility ] [ WebCams in Maine ] [ What Is All The Talk of Security? ]