Effective cybersecurity is as much about policy & governance as it is about tools and technology, however knowing where to start with these things can be challenging. In this post we have compiled a list of useful cybersecurity policy resources to help you build and enhance your cybersecurity governance.

Australian Cyber Security Centre

The Australian Cyber Security Centre (ACSC) is an initiative of the Australian government’s Australian Signals Directorate. The website contains a wealth of resources for both individuals and organisations, including alerts for new security threats, and the ability to report a cybercrime or security incident.

ACSC Homepage | Cyber.gov.au

Essential Eight Maturity Model

The Australian Cyber Security Centre (ACSC) has developed extensive strategies for the mitigation of cyber security incidents, with the most effective of these labelled The Essential Eight. Not only is the Essential Eight an excellent initiative for every business, Essential Eight compliance is also fast becoming a mandatory requirement for many tenders, contracts and cybersecurity policies.

Essential Eight Maturity Model | Cyber.gov.au

Key questions for an organisation’s board of directors

The Australian Securities & Investment Commission has compiled a list of key questions for board members to consider. Topics include Risk management framework, Identifying cyber risk and incident response awareness.

Key questions for an organisation’s board of directors | ASIC

Create a cybersecurity policy

The Australian government Business website provides an excellent quick-start guide to creating your own cybersecurity policy. Of course every policy will be unique to your own organisation, but this guide provides an excellent template to get you started, including sections such as:

  • Password requirements
  • Social media access
  • Incident response planning

Create a cyber security policy | business.gov.au

University of Queensland Cyber Security Policy

The University of Queensland has published its own Cyber Security Policy which provides an interesting real-world example of such a policy. Although of course uniquely crafted for the university’s own purpose, it does provide a useful example of how such a policy can be shaped.

Cyber Security – Policy – Policies and Procedures Library – The University of Queensland, Australia (uq.edu.au)