Skip to main content

You are here

Action plan

Action plan

 

Expand All

IL1 - Plan and develop policy frameworks

  • 1.1 Develop a South Australian Government Cyber Security Strategic Plan.
  • 1.2 Review the appropriateness and currency of existing cyber security policies for SA Government.
  • 1.3 Implement acontinuous improvement program and report regularly to the Senior Management Council on cyber security progress.

IL2 - Lead people and change to improve the culture of cyber security

  • 2.1 Deliver employee training and build awareness about information security.
  • 2.2 Integrate cyber risks within enterprise risk management processes.
  • 2.3 Encourage trust and confidence in online and digital service delivery.
  • 2.4 Support government agencies to ensure employees in positions of trust are appropriately trained and vetted.

IL3 - Assign government responsibility

  • 3.1 Establish an across government Cyber  Security  Governance Committee.
  • 3.2 Re-establish the across government IT Security Adviser Forum.
  • 3.3 Develop a cyber security profession career path for SA Government.
  • 3.4Take an active role in leading and influencing national cyber security initiatives.

IL4 - Measure cyber security

  • IL4.1 Create a Balance Scorecard for security outcomes.
  • IL4.2 Support a risk-based prioritisation of government expenditure on cyber security.

Strengthening the role of government in providing sound governance and clear accountabilities for a whole of government approach to cyber security.

Expand All

BR1 - Prevent and prepare

  • 1.1 Continue to develop the SA Government’s cyber resilience position.
  • 1.2 Deliver the ongoing SA Government TopTen Cyber Resilience and Preparedness Objectives work program.
  • 1.3 Develop a whole of government approach for the management of contractual cyber security risks.
  • 1.4 Develop an external/internal vulnerability scanning and assessment capability.
  • 1.5 Consciously consider emerging cyber threats in the development of intelligence products.
  • 1.6 Improve security and policy control measures for areas of high risk, including critical infrastructure.
  • 1.7 Develop a cyber security‘Marketplace’ or‘Kiosk’.
  • 1.8 Undertake regular cyber crisis planning, preparedness and response exercises with government and industry partners.

BR2 - Respond and recover

  • 2.1 Enhance cyber security incident and crisis management arrangements to improve alignment with Commonwealth, State Crisis and Emergency Management arrangements.
  • 2.2 Review cyber insurance arrangements for government.
  • 2.3 Create systems and processes for resource pooling for significant cyber security incident responses.

BR3 - Grow

  • 3.1 Document and share lessons learned from significant cyber security incidents to promote cross-sector collaboration.
  • 3.2 Establish uniformity of cyber security resourcing across the public sector to ensure adequate resourcing.

Strengthen the approach to the prevention of, detection of , response to and recovery from cyber security threats and incidents.

Expand All

Cultivate a collaborative approach that brings together all levels of government with academia and the private sector to cyber security.

SR1 - Share knowledge and threat intelligence

  • 1.1 Deploy a Threat Intelligence Platform for use by all government agencies.
  • 1.2 Continue to develop the Watch Desk facility as a respected and leading incident detection, response and advisory group for across government.
  • 1.3 Develop a whole of government approach for the management of contractual cyber security risks.

SR2 - Develop partnerships

  • 2.1 Support the establishment of the SA node of AustCyber.
  • 2.2 Support the establishment of the Joint Cyber Security Centre in Adelaide by the Australian government.
  • 2.3 Establish strong and improved engagement programs and partnerships with industry.
  • 2.4 Establish partnerships with academia to ensure suitable education and training is available within SA for cyber security skills growth.

SR3 - Build capability

  • 3.1 Ensure an agile future resource capability by providing appropriate skills training.
  • 3.2 Establish a leading Cyber Security Operations Centre.
  • 3.3 Research and provide common services and tools for cyber security for use by government and non-government stakeholders.
  • 3.4 Facilitate growth and innovation in cyber security with other industries.

SR4 - Assess societal impacts

  • 4.1 Extend cyber security awareness to citizens via media and community engagement to create a valued cyber security conscious state.
  • 4.2 Support programs to raise awareness about the impact of emerging risks, vulnerabilities and developing resilience.
  • 4.3 Include cyber security threats in the government’s emergency management public awareness campaigns.

Last updated: 08 February 2018