Security Awareness Week: Focus on Protecting Information

Tags:

Information is the lifeblood of Defence, and it must be managed and protected appropriately, as we are reminded of during Security Awareness Week, February 8-12.

The nature of the work at DND/CAF is heavily document-dependent. It involves the creation, use and re-use, storage, and management of large amounts of information. We rely on information that is available to those who need it up-to-date, accurate, and protected from unauthorized access. It is the foundation on which we make decisions and take actions to do the business of Defence.

Security Awareness Week 2016, highlights that, “without adequate safeguarding, the confidentiality, integrity and availability of this information could be compromised, which in turn could impact the ability of DND and the CAF to deliver and conduct activities and operations”.

The loss of information – whether through negligence or malicious intent – can damage our ability as a department to conduct analysis, make decisions, and provide advice to the Government of Canada. Every Defence Team member has a role to play in safeguarding information and protecting our collective interest, and it starts with sound information management practices.

1. Know What Information Must be Protected
All information is not created equal. The Government of Canada categorizes information into: records of business value, transitory, and enduring. Know what type of information you are dealing with and manage it appropriately.

To learn more, contact your organization’s Information Management Officer (IMO), consult the Guide to Recordkeeping in DND/CAF for guidance on business-value records, or the National Defence Security Orders and Directives (Chapter 6: Security of Information) on sensitivity classification rules.

2. Save Business Value Information in an Appropriate Corporate Repository
The first step in protecting information is to ensure that it is captured. Records of business value must be saved in an appropriate corporate repository as directed by your IMO, whether in paper or electronic format, classified or unclassified and on the DWAN or another departmental network. Authorized electronic corporate repositories include:

A)For Unclassified information:
• GCDOCS – the Government of Canada’s enterprise-wide solution for the standardized management of electronic records and documents, currently at various stages of implementation across the DND.
•RDIMS-Records, Documents and Information Management System.
•Interim corporate repositories until your organization implements GCDOCS or RDIMS:
•Shared drives organized in accordance with your group’s file plan;
•DMCS (Document Management and Control System); or
•SharePoint with appropriate recordkeeping metadata.

B)For Classified information:
-Interim corporate repositories (until your organization adopts an official records and document management system on a secure network):
-Shared drives, organized in accordance with your Group’s file plan, at the appropriate level of security, such as on the CSNI (Consolidated Secret Network Infrastructure).

3. Destroy Transitory Information
Protecting information also means destroying transitory information when it is no longer in use. Draft documents, duplicate copies and stale-dated information can be sources of confusion and misleading information, which can have disastrous results. You have the responsibility to dispose of transitory information in a timely manner to avoid information overload and information-related risk.

4. Open by Default and Authority to Release
The Government of Canada’s new directive on Open Government sets “Responsibility to share” and “Open by default” practices for sharing unclassified information as broadly as possible throughout DND/CAF, while respecting document security and privacy guidelines.

As we adopt these new practices, we must pay particular attention to continuing to protect the information that warrants protection by ensuring it has the appropriate designation, and providing access to information deemed unclassified. When sharing information, consider who might be able to see it and how it could be used. Could the information be misconstrued or misinterpreted? If in doubt, talk with your IMO or chain of command to ensure that you have the appropriate approvals to release the information.

When You Have Questions
To learn more, speak with your organization’s IMO (find a list at img.mil.ca/nls-snn/rki-ltd/cl-lc-eng.asp), consult the Information Management Services’ intranet page by clicking on the featured link “I am IM” at img.mil.ca, or consult the DAOD 6001-1, Recordkeeping at intranet.mil.ca/en/defence-admin-orders-directives/index.page

Date modified: