Skip to main content

Information security

The Government-wide adoption of common policy, standards, guidelines and processes for information security, including data classification and management, enables the Victorian Government to reduce the risk of inappropriate information release or access.

Enterprise Solutions commissioned BAE Systems to develop risk assessments of the Microsoft, Google and AWS Cloud Services for the Victorian Government. If you are an employee or contractor within the Victorian Government and would like electronic copies of these documents, please get in touch via the ‘Contact’ function at the bottom of this page.



  • SEC STD 10 – WoVG Standard – Information Security – IP Address Management: This standard covers the management of publicly routable IPv4 addresses within the Whole of Victorian Government (WoVG). It also covers the transition from IPv4 to IPv6. This standard will assist with proper attribution of alerts from the Commonwealth Cyber Security Operations Centre (CSOC).
  • Download: PDF (333 KB) Word (54 KB)
  • FAQs have also been developed to assist with the implementation of this standard.
  • Download: PDF (364 KB) Word (258 KB)

The following standards have been withdrawn by Enterprise Solutions. Please refer to the Victorian Protective Data Security Standards for the relevant information.

  • SEC STD 01 Information Security Management Framework
  • SEC STD 02 Critical Information Infrastructure Risk Management
    SEC STD 03 Information security – Penetration testing


The following guidelines have been withdrawn by Enterprise Solutions. Please refer to the Victorian Protective Data Security Standards for the relevant information.

  • SEC GUIDE 01 ISMF Implementation Guide
  • SEC GUIDE 02 Business Impact Levels and Other Criteria
  • SEC GUIDE 03 Information security penetration testing
    SEC GUIDE 04 Safeguarding information while travelling 
  • SEC GUIDE 06 Information security cloud computing security considerations
  • SEC ADV 02 1 IB CII FAQs


Victorian Government departments and agencies may be entitled to receive the following services that DPC has subscribed to on their behalf, including:

AusCERT is a trusted source of information security advice. The organisation assists members with services that aid in the prevention and detection of information security incidents. Members receive updates on emerging threats and vulnerabilities, and recommendations on how to mitigate them.

To confirm whether a Victorian Government department or agency is entitled to receive this service, contact AusCERT by emailing membership[at]

Information Security Forum (ISF)
The ISF provides unique authoritative advice, guidance and resources on all aspects of information security management for the Victorian Government. This resource is available to all inner and outer budget departments and agencies. Learn more about ISF or create an account that will provide access to ISF services. Note that all new ISF accounts created for Victorian Government departments and agencies are approved by Enterprise Solutions.

Cyber security alerts
In accordance with the Australian Government, Enterprise Solutions acts as a central point of contact for the distribution of cyber security alerts for the Victorian Government.

We provide information security alerts to ensure CIOs, information security specialists and service providers are aware of current information security threats, issues and risks. Enterprise Solutions recommends that Victorian Government departments and agencies liaise with their IT service providers to identify information security threats, issues and risks, and confirm that adequate and timely remediation is undertaken.

Cyber security alerts relating to or based on IP addresses are validated by the Australian Government against the Asia Pacific Network Information Centre (APNIC) Whois Database . Departments and agencies are responsible for maintaining their correct IP address and contact information with APNIC.

How to report an incident

Please note if you are an AusCERT subscriber, you can also report an incident by emailing them at


The following templates have been withdrawn by Enterprise Solutions. Please refer to the Victorian Protective Data Security Standards for the relevant information.

  • SEC TEMP 01-1 Self Assessment VG Compliance Report Agency Input
  • SEC TEMP 01-2 ISMF Implementation Checklist
  • SEC TEMP 01-3 Inner Budget ISMF Summary Compliance Report Output
  • SEC TEMP 01-4 IB Self Assessment Compliance SUMMARY Report Output
  • SEC TEMP 02-1 IB CII Register Template Agency Input
  • SEC TEMP 02-2 IB CII Health Check Template Agency Input
  • SEC TEMP 02-3 IB CII Health Check Report SUMMARY Output