B.2. Data Security and Privacy

This section of the guidelines provides a high-level reference point for the management of information security and privacy in social security institutions. The eight guidelines which follow form a starting point from which institutions can develop their own policies and plans, and will assist in addressing the challenges of information security through a consistent and standards-based approach. They are also intended to raise awareness of the security risks to information assets and to indicate how to deal with them.

The specific guidelines in this section are:

  • Management framework for information security
  • Data privacy policies and regulations
  • Security measures for data privacy
  • Comprehensive access control system
  • Security in database systems
  • Security in networks and communication systems
  • Security in application development
  • Security in ICT operations

Guidance is based upon well-recognized principles and best practice related to planning, risk management and performance measurement. It has been drawn from several policy instruments, guidelines and reports from various jurisdictions, and input from private industry, professionals in social security institutions and standards bodies such as the International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST) and Information Systems Audit and Control Association (ISACA).

These eight guidelines are oriented towards ICT staff, executives and managers responsible for the security of information assets, and staff responsible for initiating, implementing and/or monitoring risk management and information security within their organizations. They may also be useful for departmental corporate risk managers, strategic planners, coordinators and other specialists who play an important role in helping to integrate security into corporate risk management, planning and performance measurement.

These guidelines may be applied at any stage of an activity, function, project, product or asset involving information. While information security management is usually applied to complete information systems and facilities, it can also focus on individual system components or services where this is practicable and useful.

Guideline code: ICT_03500