Vic Govt to release cyber security strategy

The Victorian government has announced it will soon begin developing a whole-of-government cyber security strategy, just days before the state’s auditor-general is due to release its assessment of the government’s IT security framework.

Victorian technology minister Gordon Rich-Phillips yesterday revealed work will soon start on the new strategy which will “strengthen alignment of cyber risk management” within the state government. 

The government has brought in Alastair MacGibbon, director at the Centre for Internet Safety, to help develop the strategy which will be released next year. 

The strategy will set out governance structures and lines of accountability for IT security operational capability; cyber security risk; management of cyber threats; cyber security emergency response; and cyber security workforce skills. 

The announcement comes just days before the Victorian Auditor-General’s planned release of his whole of Victorian government (WOVG) Information Security Management Framework Audit, scheduled to be tabled in parliament before the end of November.

The audit will assess the effectiveness of the state’s IT security standards and policies as well as the public sector’s approach to data and system protections. 

“The Victorian public sector is heavily reliant on [ICT] to deliver services and to effectively manage its internal business and activities. Emerging threats to information security pose an escalating risk for ICT systems in the Victorian public sector,” the audit blurb reads.

It will examine the appropriateness of IT security policy direction, standards and processes,the role of central agencies and the effectiveness current IT security controls. 

The Victorian Government’s new cyber security strategy will be its first in the area.

In February this year the state government released a 50-point plan to overhaul its approach to IT, in order to cut down on costs and move away from mismanaged projects commenced by the previous Labor government.