- SERVICE MATURITY
Establish Cyber Security Strategy Group to facilitate a cross-industry strategic approach and an intelligence sharing mechanism.
Establish formal channels and mechanisms to engage with Australian Government cyber security services and strategic planning.
Establish and maintain a Victorian Government information sharing and incident response service comprising of contract arrangements and appropriate onsite service providers.
Appoint a Victorian Government Chief Information Security Officer and establish a cyber security office.
Develop and present a quarterly cyber security briefing and status report to the Victorian Secretaries Board and the State Crisis and Resilience Committee.
Establish an ICS/SCADA cyber security working group reporting ultimately to the State Crisis and Resilience Council that will develop and implement a three year multi-agency cyber security exercising program to build resilience, readiness and capability.
Describe cyber security desired target state.
Determine and establish whole-of-government subscriptions for internet security and information security services.
Finalise implementation of cyber emergency governance arrangements, including the creation of a cyber security group reporting ultimately to the State Crisis and Resilience Committee.
Work with CERT to align with the National Cyber Security Exercise Program initiative stemming from Australia’s Cyber Security Strategy.
Establish an initial baseline of cyber security status, including identifying high value information assets and infrastructure, followed by an annual cyber resilience benchmark report and status of progress against strategy delivery.
Undertake an assessment and issue guidance in relation to the Government’s obligations as a customer when consuming cloud services in a shared security model.
- Develop and operate a communication and engagement program for cyber security awareness within the government
Identify high inherent risk in small and medium sized entities (in conjunction with VMIA) so that services can be targeted.
Develop an integrated and federated Security Operations Centre model and implementation plan.
Identify and promote common cyber security services that can be accessed and shared.
Establish (with VMIA) a cyber capability uplift program including cyber security training, educational events, programs, and seminars.
Commence implementation of the cyber security capability recommendations released as part of the IT Capability Uplift Plan and developed under the Victorian Government IT Strategy.
Develop a workforce plan to attract, develop and retain specialist cyber security skills.
Develop and pilot a small and medium organisation cyber security operational model.
Undertake cyber security operational health check.
Establish a procurement panel to access private sector cyber services.
Undertake desktop target state review (timing meshes with Action 8).
Every 18 months.