The TAS-PSPF has four outcomes:
Governance
State Growth identifies and manages security risks and supports a protective security culture while maintaining a cycle of continuous improvement.
Information
State Growth maintains the confidentiality, integrity, and availability of all official information.
People
State Growth ensures its people are suitable to access Tasmanian Government assets and align with departmental values and behaviours.
Physical
State Growth provides a safe and secure physical environment for its information, people, and assets.
Governance
State Growth works in a fast-changing environment. It will prioritise and support outcomes for the Tasmanian community. State Growth promotes sensible risk-taking to achieve organisational objectives and address community issues. It has a low risk tolerance for issues that affect its sensitive data and the safety of its people and assets.
State Growth has adopted five key protective security principles:
- Protective security is a responsibility of State Growth and its people.
- State Growth will manage its own protective security risks.
- State Growth’s protective security actions will be guided by a clear risk management approach.
- State Growth will consider protective security in all its decisions and activities.
- State Growth will continuously improve its protective security culture.
State Growth manages its security risks by:
- Understanding the security environment in which it operates.
- Identifying and understanding the most critical assets it must protect.
- Identifying and understanding the most critical services it must provide.
- Mitigating security vulnerabilities on a prioritised security-risk basis.
- Preparing for new security trends that threaten its core business.
- Ensuring business continuity capability during security incidents, disruptions, or emergencies.
- Protecting its information, people, and assets.
- Developing and fostering a positive security culture.
Governance framework:
The diagram below shows the TAS-PSPF governance framework within State Growth:
Information security
Information security protects data from unauthorised access, sharing, changes, or destruction, and is crucial for the department's operations. Because State Growth relies on digital systems for data management, it must protect sensitive information from cyber threats, data breaches, and other security risks.
Effective information security requires a broad management approach that integrates policies, procedures, and technologies to manage risks, protect assets, and ensure compliance with laws and regulations. This approach is vital: it preserves trust, ensures business continuity, and secures data.
Access and management of official information
The Information Management Policy defines how State Growth information must be created, captured, maintained, secured, and disposed of, regardless of format, to comply with legal, administrative, and operational requirements. All records and information in State Growth must follow the Information Management Policy.
‘Need to know’ principle:
The ‘need to know’ principle refers to accessing information based on operational requirements. This principle applies to all information, no matter its classification or the requester's seniority.
Restricting access to a ‘need to know’ basis helps guard against unauthorised access, misuse, or compromise. Importantly, the ‘need to know’ principle should not block the sharing of beneficial information. If sharing helps operations, individuals or agencies should share it.
When sharing information, it's vital to follow this principle. Ask these questions:
- Am I allowed to release the information?
- Is the person requesting the information allowed to receive it?
- Is there an operational benefit to sharing the information?
- Does the information or data contain sensitive or security-classified information?
- Are there any other reasons the information can't be shared? For example, is there a confidentiality agreement in place?
Information classification:
Information classification is a tool that looks at how State Growth, its people, or the government could be harmed if the information were compromised.
Classification tells you and others how to handle and protect official information.
People security
The people security outcome ensures the right individuals fill State Growth positions, so that our employees can be trusted to access Tasmania's government resources. This outcome is about selecting the best candidates for each role, managing their ongoing fit, and handling staff separation.
Physical security
The outcome is to identify and implement physical security measures that protect Tasmanian Government resources, information, people, and assets. This outcome assists in identifying and minimising or removing security risks.