Skip to main content

Information security

The Government-wide adoption of common policy, standards, guidelines and processes for information security, including data classification and management, enables the Victorian Government to reduce the risk of inappropriate information release or access.

How to report an incident

Please note if you are an AusCERT subscriber, you can also report an incident by emailing vicsoc@auscert.org.au

Services

Victorian Government departments and agencies may be entitled to receive the following services which DPC has subscribed to on their behalf, including:

AusCERT
AusCERT is a trusted source of information security advice. The organisation assists members with services that aid in the prevention and detection of information security incidents. Members receive updates on emerging threats and vulnerabilities, and recommendations on how to mitigate them.

To confirm whether a Victorian Government department or agency is entitled to receive this service, contact AusCERT.

Information Security Forum (ISF)
The ISF provides unique authoritative advice, guidance and resources on all aspects of information security management for the Victorian Government. This resource is available to all inner and outer budget departments and agencies. Visit the ISF Website to learn more and create your account.

Please note: approval from Enterprise Solutions is required for all new ISF accounts.

Cyber security alerts
In accordance with the Australian Government, Enterprise Solutions acts as a central point of contact for the distribution of cyber security alerts for the Victorian Government.

We provide information security alerts to ensure CIOs, information security specialists and service providers are aware of current information security threats, issues and risks. Enterprise Solutions recommends that Victorian Government departments and agencies liaise with their IT service providers to identify information security threats, issues and risks and confirm that adequate and timely remediation is undertaken.

Cyber security alerts relating to or based on IP addresses are validated by the Australian Government against the Asia Pacific Network Information Centre (APNIC) Whois Database. Departments and agencies are responsible for maintaining their IP address and contact information with APNIC.

Cloud Risk Assessments

Enterprise Solutions commissioned BAE Systems to develop risk assessments of the Microsoft, Google and AWS Cloud Services for the Victorian Government. If you are an employee or contractor within the Victorian Government and would like electronic copies of these documents, please contact us.

Policy, Standards and Guidelines

SEC STD 10 – WoVG Standard – Information Security – IP Address Management: This standard covers the management of publicly routable IPv4 addresses within the Whole of Victorian Government (WoVG). It also covers the transition from IPv4 to IPv6. This standard will assist with proper attribution of alerts from the Commonwealth Cyber Security Operations Centre (CSOC).  Download: PDF (333 KB) Word (54 KB)

FAQs have also been developed to assist with the implementation of this standard. Download: PDF (364 KB) Word (258 KB)

Further information

Please visit the Victorian Protective Data Security Standards (VPDSS) webpage for the latest Information Security policies, standards and guidelines.

Copies of superseded policies, standards and guidelines are also available in the archive.