1. OCAU Merchandise is available! Check out our 20th Anniversary Mugs, Classic Logo Shirts and much more! Discussion in this thread.
    Dismiss Notice

Australian Government's Protective Markings in Emails

Discussion in 'Business & Enterprise Computing' started by tin, Mar 16, 2007.

  1. tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,422
    Location:
    Narrabri NSW
    Anyone else had to deal with this one?

    I support a small Government agency. One of those statutory corporations, but it's a tiny one with only 12 or so employees. I'm not an employee there... I'm more like a consultant. Anyway, they have forwarded a letter to me that they received on the 28th of Feb saying they have to do this Protective Markings thing by the end of March.

    I've never heard of it before now. On skimming over the docs, it seems like the rantings of a paranoid lawyer who has worked out what headers are in emails...

    I'm not sure what it's all about at this stage... Let alone how I'm supposed to implement it.
     
  2. Rezin

    Rezin Member

    Joined:
    Oct 27, 2002
    Messages:
    9,485
  3. OP
    OP
    tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,422
    Location:
    Narrabri NSW
    Yeah. That was one I found too. Doesn't really help at all.
     
  4. TaroT

    TaroT Member

    Joined:
    Jan 18, 2002
    Messages:
    8,727
    Location:
    Hazelbrook nsw 2779
  5. daveoverclock

    daveoverclock Member

    Joined:
    May 28, 2004
    Messages:
    77
    Location:
    Algester
    Looks like the simplest way to implement it is to get the users to type the classification into the subject line of the message.
    Dave
     
  6. OP
    OP
    tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,422
    Location:
    Narrabri NSW
    Yeah... that's what the docs seem to suggest. Although apparently the servers are supposed to reject messages of a higher classification or something. I don't really get the point of that, since misdirecting to a non government email would allow the message to go through no worries.
     
  7. OP
    OP
    tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,422
    Location:
    Narrabri NSW
    Sure, blame the guy that found out about it today while at work doing my normal job. I don't work at this place at all as such. I get called in as a consultant/support guru.

    Edit: I'm seriously not happy about this. I was about to tell them to just find someone else from now on today. I'm certainly not going to rush out and solve this one for them.
     
    Last edited: Mar 16, 2007
  8. OP
    OP
    tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,422
    Location:
    Narrabri NSW
    Umm. No results that seemed to be anything useful.

    I'm going to ignore the part where you just said I don't know what I'm doing.
    But on the other hand, buggering this off to someone else is what I want to do right now. I mean for starters it's already taken over an hour of my time just in getting a quick look at what it is... Fully reading the docs looks like a good days worth.

    Like I said, I only contract to them, so I don't "work for them" as such. My real job is elsewhere. Knowing how they are run is not a part of what I do for them... I recommend hardware, twiddle server settings and figure out why Windows or MSOffice has stopped working on one of their boxes. Total time in there is usually less than 2 hours a month.
     
  9. OP
    OP
    tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,422
    Location:
    Narrabri NSW
    I haven't been contracted to do anything as far as actual contracts go. It's only ever been a series of one off verbal contracts. Never paper.

    Yes. You already said that. Perhaps if you specified "about this", then I wouldn't have said anything.
    And why don't I know anything about this? Perhaps because I was never told about it until yesterday arvo. Maybe if I'd been told of it when it was being developed, then I would ahev had time to read about it and know what it was about. Since it's been shoved on me with a 2 week deadline and I'm left to figure it out on my own, I'm a little pissed off about it.

    As much as I like the money from doing a few hours at the place, I'm really ready to tell them to bugger off now.
     
  10. Smoke87

    Smoke87 Member

    Joined:
    Jun 17, 2005
    Messages:
    6,195
    Poor fool,

    you may enter into contracts verbally.
     
  11. OP
    OP
    tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,422
    Location:
    Narrabri NSW
    Does that part elude you?
    Never has there been anything long term or specifically about making sure they meet all their obligations to the Government. Only to fix the problems.

    Sorry I ever asked the question. Why did it become all about how I'm somehow responsible for these all important changes?
    Doesn't matter now anyway. I sent them an email today saying their on there own for this one and passed on the company names Eric mentioned. No longer my problem.
     
  12. SLi_dog

    SLi_dog Member

    Joined:
    Sep 7, 2005
    Messages:
    2,283
    Location:
    NT
    They're bringing that in at work.

    It's implementation date was April 1st so I just laughed it off as an April Fools Joke.........unfortunatley it's not :thumbdn: :mad:
     
  13. OP
    OP
    tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,422
    Location:
    Narrabri NSW
    I'm not alone then... The letter that got forwarded to me just said "end of March", but the thought of an April 1 announcment of "ha ha, fooled you" did cross my mind.
     
  14. jimmy

    jimmy Member

    Joined:
    Jun 27, 2001
    Messages:
    2,096
    Location:
    Toowoomba, QLD
    it's pretty typical gov scenario Tin, happens a lot in the education sector as well. They breath down on you, give you no funding and no training and expect it finished last year. :D If your not comfortable with it just tell them to contact there district tech if there is one to get the matter resolved. Good Luck.
     
  15. OP
    OP
    tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,422
    Location:
    Narrabri NSW
    I found out today that this isn't the only thing in the "security manual" that they haven't organised. They have 2 weeks to do everything else aswell (non computer stuff I mean).
    I was also told that they have decided to do a "risk assessment" on it, and if it's low risk, not do it at all. That kind of goes against the "You must do it" letter they got, but it's not my problem if their management decide to not do something.

    Also, I kind of expect the lack of funding in education... I went to a public school so I know what it's like. Moving into working at one I expected things like trying to run XP on old PCs, etc.
     
  16. jimmy

    jimmy Member

    Joined:
    Jun 27, 2001
    Messages:
    2,096
    Location:
    Toowoomba, QLD
    yeh but we shouldn't expect lack of funding for schools, it's our country's future. Arh yes the "risk assesments" and "audits" lovely people that tell you things you should have known but were never told about. ;)

    Anyhow ive never heard of this tumbleweed, is it good for filtering image spam? Should i suggest it to my hosting company or as read before it's a very costly system to implement? I am getting sick of the take the blue pill rabbit hole emails..
     
  17. OP
    OP
    tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,422
    Location:
    Narrabri NSW
    Aren't we all... At least that one was half funny.
    I've simply started dropping messages from servers listed by a few of the more reputable RBLs. It seems to have lowered the numbers dramatically. Previously I was tagging those emails, and for months nothing legit got tagged, so I started dropping them.
     
  18. aegan

    aegan Member

    Joined:
    Jun 21, 2002
    Messages:
    1,959
    Location:
    Under The Bridge
    we've implemented JanuSeal. Can't tell you much more than that.. apart from the fact that it's been in a test stage in prod for some time.. and was just this week rolled out to the production environment in it's entirity.
     
  19. stalin

    stalin (Taking a Break)

    Joined:
    Jun 26, 2001
    Messages:
    4,581
    Location:
    On the move
    Being a Government entity you should already comply with the Protective Security Manual (PSM) - http://www.ag.gov.au/www/agd/agd.nsf/Page/RWPE30AA68A4D5313EACA2571EE000AAF9F
    .

    To comply with the PSM you need to comply with Australian Government Information and Communications Technology Security Manual (ACSI 33)

    It sounds to me like they have NFI about what they are doing, and I would run for the hills.

    They have no hope of doing the processes required to implement the PSM requirements in 2 weeks. Even just the policies and the like.

    It seems odd to me.


    I think the option of your CEO/Director signing off on the risk of not doing it would be the easiest option for you. If your department only deals with low classification levels (PUBLIC DOMAIN,
    or UNCLASSIFIED) you may be able to mark all your communications at that level by default, no need for a sophisticated marking system.. Keeping in mind that you cant classify a document above your own classification.
     
  20. stalin

    stalin (Taking a Break)

    Joined:
    Jun 26, 2001
    Messages:
    4,581
    Location:
    On the move

    For your behinds sake, dump all the dropped emails someplace where they are retrivable.
     

Share This Page

Advertisement: