Skip to main content

You are here

Implementation progress dashboard

The first 12 to 18 months of the strategy will see a significant amount of work undertaken across three strategic themes. This initial period will form the foundation for the future deliverables and inform the first strategic plan review in early 2019.

Expand All
 
Action   Task Success criteria Status  
IL1.1  

Develop a South Australian Government Cyber Security Strategic Plan

 

An approved and published South Australian Government Cyber Security Strategic Plan on SA.GOV.AU

Completed

 

 

IL3.1   Establish an across government Cyber Security Governance Committee An across government Cyber Security Advisory Sub Committee of the ICT and Digital Governance Board established. Sub Committee established with industry representation. Completed  
IL3.2   Re-establish the across government IT Security Adviser Forum Regular ITSA Forums delivered with improvements to the structure and delivery based on industry and participant feedback. Completed  
BR1.6   Improve security and policy control measures for areas of high risk, including critical infrastructure Current security and policy control measures for high risk systems re-examined, with implementation of improvement measures commenced.  In Progress  
BR2.1   Enhance cyber security incident and crisis management arrangements to improve alignment with Commonwealth, State Crisis and Emergency Management arrangements DPC in conjunction with CERT Australia undertake cyber security exercises for SEMC, DPC Control Agency for ICT failure, and agency ITSAs. In Progress & Ongoing  
BR3.1   Document and share lessons learned from significant cyber security incidents to promote cross-sector collaboration Lessons learnt are shared as required and on a quarterly basis thereafter – with a process in place. Ongoing  
SR1.1   Deploy a Threat Intelligence Platform for use by all government agencies Cyber Threat Intelligence Sharing Toolkit deployed for agency use. Completed  
SR1.2   Continue to develop the Watch Desk facility as a respected and leading incident detection, response and advisory group for across government Watch Desk facility reviewed and improvement plan implemented. In Progress & Ongoing  
SR2.1   Support the establishment of the SA Node of AustCyber SA Node established. Completed  
 
Action   Task Success criteria Status  
IL2.2   Integrate cyber risks within enterprise risk management processes. Cyber and information security risks are included on operational and corporate risk registers and treated as enterprise level risks. Completed & Ongoing  
IL4.1   Create a Balance Scorecard for security outcomes Independent across government cyber security assessment undertaken.  In Progress  
      Baselines for cyber security metrics set. In Progress  
IL4.2   Support a risk-based prioritisation of government expenditure on cyber security. Current levels and patterns of expenditure in cyber security across SA Government assessed. In Progress  
BR1.1   Continue to develop the SA Government’s cyber resilience position. Independent Cyber Resilience  Review undertaken (refer to IL4.1).
 
In Progress  
 
Action   Task Success criteria Status  
IL3.3   Develop a cyber security profession career path for SA Government Defined role guidance for across government security personnel designed. In Progress  
BR1.6   Improve security and policy control measures for areas of high risk, including critical infrastructure State Government Critical ICT infrastructure program redeveloped. In Progress  
BR1.8   Undertake regular cyber crisis planning, preparedness and response exercises with government and industry partners

An annual training program delivered each year. Cyber Terrorism exercise (funded by Australia-New Zealand Counter Terrorism Committee) undertaken.

Completed and Ongoing  
SR2.2   Support the establishment of the Joint Cyber Security Centre in Adelaide by the Australian Government Joint Cyber Security Centre established and operating in SA  with support from SA Government personnel. Completed  
SR3.2   Establish a leading Cyber Security Operations Centre. Review the options available for a State Cyber Security Operations Centre and report to the ICT and Digital Governance Board. In Progress  
SR4.3   Include cyber security threats in the government’s emergency management public awareness campaigns Inclusion of cyber security incidents on the ‘emergencies and safety’ section of SA.GOV.AU. In Progress  
 
Action   Task Success criteria Status  
IL2.1   Deliver employee training and build awareness about information security An across government cyber and information security employee training and awareness package designed. In Progress  
IL3.3   Develop a cyber security profession career path for SA Government Partnerships with industry and academia established to deliver relevant and suitable training for cyber and information security. In Progress  
 
Action   Task Success criteria Status  
BR2.3   Create systems and processes for resource pooling for significant cyber security incident responses

Implementation of cyber security resources for the management of significant cyber security incident responses, taking into account all skillsets required (i.e. more than just cyber security experts).

SA Communications Sector Forum’s capability and capacity developed through awareness raising exercises.

In Progress  
 
Action   Task Success criteria Status  
IL1.2   Review the appropriateness and currency of existing cyber security policies for the South Australian Government Information Security Management Framework (ISMF) 3.3 to be replaced by a simplified ISMF 4.0, and all associated standards and guidelines reviewed and updated.  In Progress  
      Deliver Cloud Security standards and guidelines.  In Progress  
      Deliver an updated PC030 – Protective Security Management Framework.  In Progress  
      Deliver an updated StateNet Conditions of Connection 4.0. In Progress  
IL3.3   Develop a cyber security profession career path for SA Government An across government mentoring and secondment program established. In Progress  
IL4.1   Create a Balance Scorecard for security outcomes Desired state for Cyber Security maturity defined for government agencies. In Progress  
BR1.2   Deliver the ongoing SA Government Top Ten Cyber Resilience and Preparedness Objectives work program. Top 10 Cyber Resilience and Preparedness Objectives second report submitted to Cabinet. In Progress  
BR1.3   Develop a whole of government approach for the management of contractual cyber security risks. Whole of government approach developed, including standard contract clauses. In Progress  
BR2.1   Enhance cyber security incident and crisis management arrangements to improve alignment with Commonwealth, State Crisis and Emergency Management arrangements SA Government response arrangements aligned with the Australian Government cyber crisis management arrangements. Completed and   
BR2.2   Review cyber insurance arrangements for government Cyber Insurance arrangements reviewed. Completed  
SR1.1   Deploy a Threat Intelligence Platform for use by all government agencies Toolkit deployed for private sector partners. In Progress  
SR2.4   Establish partnerships with academia to ensure suitable education and training is available within SA for cyber security skills growth.

Partnerships and engagement programs established and continuously improved to achieve optimal outcomes for stakeholders.
Examine support for the Cyber Security Cooperative Research Centre, with potential opportunities identified.

In Progress  
SR4.1   Extend cyber security awareness to citizens via media and community engagement to create a valued cyber security conscious state Public media campaign established. In Progress  
 
Action   Task Success criteria Status  
BR1.7   Develop a cyber security ‘Marketplace’ or ‘Kiosk’. Economies of scale achieved through across government procurement of essential cyber security tools/services. In Progress  
 
Action   Task Success criteria Status  
IL2.4   Support government agencies to ensure employees in positions of trust are appropriately trained and vetted Policy for all SA Government staff employed in positions of trust or working in areas delivering critical services to the state.  In Progress  
      Mandatory personal vetting and security screening implemented at a level appropriate to role prior to employment.     
      Mandatory security training for staff employed in positions of trust.    
 
Action   Task Success criteria Status  
BR3.1    Document and share lessons learned from significant cyber security incidents to promote cross-sector collaboration Formal collaboration tools used by security community for inter-agency sharing of lessons are reviewed and agencies increase their utilisation. Completed  
BR3.2   Establish uniformity of cyber security resourcing across the public sector to ensure adequate resourcing Cyber Security Workforce Framework developed.    
SR3.1    Ensure an agile future resource capability by providing appropriate skills training Identify common security roles with appropriate salary streams as guidance for agencies to ensure a uniform approach to security resourcing across the public sector and to assist with the attraction and retention of skilled staff within the state’s Cyber Security workforce.    
 
Action   Task Success criteria Status  
IL1.3   Implement a continuous improvement program and report regularly to the Senior Management Council on cyber security progress Six monthly updates provided to Senior Management Council.
Strategic Plan reassessed and modified.
   
SR4.1   Extend cyber security awareness to citizens via media and community engagement to create a valued cyber security conscious state Multi-year media and public relations campaign considered for launch in 2019.    
SR4.2   Support community programs to raise awareness about the impact of emerging risks, vulnerabilities and developing  resilience Cyber security information regularly given to citizens via SA.GOV.AU.
Regular drop in sessions for the public to ask cyber-related questions provided.
   
 
Action   Task Success criteria Status  
SR3.2   Establish a leading Cyber Security Operations Centre State Cyber Security Operations Centre established.    
 
Action   Task Success criteria Status  
BR1.4   Develop an external/ internal vulnerability scanning and assessment capability Full program implementation and business process established.    
 
Action   Task Success criteria Status  
IL2.3   Encourage trust and confidence in online and digital service delivery A reporting template and guidance for security considerations delivered by June 2018.
A reduced number and impact of security incidents related to online and digital delivery of services by 2019.
Full mandatory integration of security considerations in design and implementation of online services.
In Progress  
IL3.4   Take an active role in leading and influencing national cyber security initiatives. Increased participation by the South Australian Government in membership of relevant boards, committees and bodies in SA, nationally, and internationally.
Support the Joint Cyber Security Centre program and launch of the centre.
Completed and Ongoing  
BR1.5   Consciously consider emerging cyber threats in the development of intelligence products Watch Desk continues to develop its holistic threat intelligence capability.
Watch Desk provides timely and accurate cyber threat and intelligence information with regular feedback sought from stakeholders.
Delivery of the threat intelligence sharing platforms (refer to SR1.1).
Completed and Ongoing  
SR2.3   Establish strong and improved engagement programs and partnerships with industry Partnerships and engagement programs established and continuously improved to achieve optimal outcomes for stakeholders.
Ongoing support for the work of the Australian Government Critical Infrastructure Centre.
Ongoing support for the Trusted Information Sharing Network model, including participation in appropriate governance groups and involvement in exercises and training.
   
SR3.3   Research and provide common services and tools for cyber security for use by government and non-government  stakeholders Appropriate across government Cyber Security services and tools developed and endorsed by stakeholders.    
SR3.4   Facilitate growth and innovation in cyber security with other industries Areas (e.g. automation, artificial intelligence, cognitive computing, robotics) in which the state can facilitate growth and innovation identified during 2018 to 2021.    

Last updated: 08 February 2018