RAISE THE BAR

While detecting and responding to cyber intrusions is important, even more important is to harden our networks and systems and make them less vulnerable to intrusions. In this case, prevention is definitely better than the cure.
Although some organisations may be implementing international cyber security standards that all organisations can achieve, others are not doing so. In our interconnected world, a solid baseline of cyber security practice is critical to achieving confidence online.
Self-regulation and a national set of simple, voluntary guidelines co-designed with the private sector will help organisations improve their cyber security resilience. As suggested by the private sector, these guidelines will be based on the Australian Signals Directorate’s Strategies to Mitigate Targeted Cyber Intrusions. These strategies will continue to be updated to keep pace with evolving technologies and innovative responses to cyber security challenges.
While in its infancy in Australia, the rapidly growing cyber insurance market may help enforce improved cyber security performance.
ASX 100 listed businesses will have the opportunity to improve their cyber security governance by participating in voluntary governance ‘health checks’. The governance ‘health checks’ will enable boards and senior management to better understand their cyber security status and how they compare to similar organisations. In time, these health checks (similar to the United Kingdom’s FTSE 350 governance health checks) will be available for public and private organisations, tailored to size and sector.
Small businesses often find it challenging to allocate resources to do cyber security well. Without adequate cyber security they can become the soft underbelly or back door into connected organisations. The Government will provide support for small businesses to have their cyber security tested by certified practitioners.
The Government will also support the Council of Registered Ethical Security Testers (CREST) Australia and New Zealand to expand its certification of information security testing services.
CREST AUSTRALIA AND NEW ZEALAND

The Council of Registered Ethical Security Testers (CREST) Australia New Zealand is a not-for-profit cyber security standards organisation where member companies become CREST Approved if they meet appropriate governance standards. CREST Australia New Zealand then provides accreditation and certification for employees and contractors of CREST Approved Member Companies through practical exams in penetration testing and soon other in-demand areas of cyber security. CREST certified practitioners, while being attached to CREST Approved Companies with good governance, give businesses in Australia and the region the confidence that testing of the cyber security of their networks and systems is done by skilled cyber security professionals.
AUSTRALIA’S CYBER SECURITY STRATEGY