Skip to main content

You are here

Action plan

The South Australian Cyber Security Strategic Plan 2018-2021 has three strategic themes.  The below outlines the action plan to implement the strategy.

Expand All

IL1 - Plan and develop policy frameworks

  • 1.1 Develop a South Australian Government Cyber Security Strategic Plan.
  • 1.2 Review the appropriateness and currency of existing cyber security policies for South Australian Government.
  • 1.3 Implement a continuous improvement program and report regularly to the Senior Management Council on cyber security progress.

IL2 - Lead people and change to improve the culture of cyber security

  • 2.1 Deliver employee training and build awareness about information security.
  • 2.2 Integrate cyber risks within enterprise risk management processes.
  • 2.3 Encourage trust and confidence in online and digital service delivery.
  • 2.4 Support government agencies to ensure employees in positions of trust are appropriately trained and vetted.

IL3 - Assign government responsibility

  • 3.1 Establish an across government Cyber Security Governance Committee.
  • 3.2 Re-establish the across government IT Security Adviser Forum.
  • 3.3 Develop a cyber security profession career path for South Australian Government.
  • 3.4Take an active role in leading and influencing national cyber security initiatives.

IL4 - Measure cyber security

  • IL4.1 Create a Balance Scorecard for security outcomes.
  • IL4.2 Support a risk-based prioritisation of government expenditure on cyber security.

Strengthening the role of government in providing sound governance and clear accountabilities for a whole of government approach to cyber security.

Expand All

BR1 - Prevent and prepare

  • 1.1 Continue to develop the South Australian Government’s cyber resilience position.
  • 1.2 Deliver the ongoing South Australian Government TopTen Cyber Resilience and Preparedness Objectives work program.
  • 1.3 Develop a whole of government approach for the management of contractual cyber security risks.
  • 1.4 Develop an external/internal vulnerability scanning and assessment capability.
  • 1.5 Consciously consider emerging cyber threats in the development of intelligence products.
  • 1.6 Improve security and policy control measures for areas of high risk, including critical infrastructure.
  • 1.7 Develop a cyber security ‘Marketplace’ or ‘Kiosk’.
  • 1.8 Undertake regular cyber crisis planning, preparedness and response exercises with government and industry partners.

BR2 - Respond and recover

  • 2.1 Enhance cyber security incident and crisis management arrangements to improve alignment with Commonwealth, State Crisis and Emergency Management arrangements.
  • 2.2 Review cyber insurance arrangements for government.
  • 2.3 Create systems and processes for resource pooling for significant cyber security incident responses.

BR3 - Grow

  • 3.1 Document and share lessons learned from significant cyber security incidents to promote cross-sector collaboration.
  • 3.2 Establish uniformity of cyber security resourcing across the public sector to ensure adequate resourcing.

Strengthen the approach to the prevention of, detection of, response to and recovery from cyber security threats and incidents.

Expand All

Cultivate a collaborative approach that brings together all levels of government with academia and the private sector to cyber security.

SR1 - Share knowledge and threat intelligence

  • 1.1 Deploy a Threat Intelligence Platform for use by all government agencies.
  • 1.2 Continue to develop the Watch Desk facility as a respected and leading incident detection, response and advisory group for across government.
  • 1.3 Develop a whole of government approach for the management of contractual cyber security risks.

SR2 - Develop partnerships

  • 2.1 Support the establishment of the SA node of AustCyber.
  • 2.2 Support the establishment of the Joint Cyber Security Centre in Adelaide by the Australian Government.
  • 2.3 Establish strong and improved engagement programs and partnerships with industry.
  • 2.4 Establish partnerships with academia to ensure suitable education and training is available within South Australia for cyber security skills growth.

SR3 - Build capability

  • 3.1 Ensure an agile future resource capability by providing appropriate skills training.
  • 3.2 Establish a leading Cyber Security Operations Centre.
  • 3.3 Research and provide common services and tools for cyber security for use by government and non-government stakeholders.
  • 3.4 Facilitate growth and innovation in cyber security with other industries.

SR4 - Assess societal impacts

  • 4.1 Extend cyber security awareness to citizens via media and community engagement to create a valued cyber security conscious state.
  • 4.2 Support programs to raise awareness about the impact of emerging risks, vulnerabilities and developing resilience.
  • 4.3 Include cyber security threats in the government’s emergency management public awareness campaigns.

Cultivate a collaborative approach that brings together all levels of government with academia and the private sector to cyber security.

Last updated: 08 February 2019