Victoria unveils new cyber incident management plan

By

Details public sector response to incidents.

The Victorian Department of Premier and Cabinet has released a new cyber incident management plan (CIMP) to coordinate the public service’s response to the 1900 cyber attacks it faces each day.

Victoria unveils new cyber incident management plan

Chief information security officer, John O’Driscoll, said these attacks come from a mix of state actors, cyber criminals, political ‘hacktivists’, and “online vandals” at a rate of about one attempted attack every 45 seconds.

The new CIMP, as part of the state’s broader cyber incident management framework, supports government agencies’ existing response plans and connects them with Victoria’s inter-jurisdictional emergency management arrangements, O'Driscoll said.

The plan defines four categories of cyber event based on severity:

  • Cyber Event – suspected or unsuccessful attempt to compromise with no business impact
  • Cyber Incident – compromise with minor impact
  • Significant Cyber Incident – compromise with limited or major impact
  • Cyber Emergency – serious or exceptional compromise with community consequences.

It also outlines organisations’ obligations in response to an incident and defines protocols for intelligence and information sharing.

However, the department said the CIMP does not replace an organisation’s existing infosec plans, policies or procedures.

“Rather, you should update existing documents to align with the CIMP,” the department said.

It applies to all of the state’s public sector bodies, however, local governments are exempt (although strongly encouraged to apply the plan anyway).

Under the plan, organisations are required to prepare for a cyber attack by:

  • Creating their own cyber incident response plans
  • Establishing a cyber incident management team
  • Practicing responses to cyber incidents with the incident management team.

Whole-of-government responses to cyber incidents will be managed by the by the Cyber Incident Response Service (CIRS) with the Department of Premier and Cabinet, which is also available to help out other organisations manage their own cyber incidents.

The department said 90 percent of government organisations experienced a cyber incident between 2017 and 2018, most of which centred around phishing attempts and malware.

Three quarters of the Victorian public service also reported some level of system or service disruption from cyber incidents during the same period.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
cisogovernmentsecuritystate governmentstrategyvictoria

Sponsored Whitepapers

Leverage Technologies: Industry-Tailored ERP Implementation for Growth and Compliance
Leverage Technologies: Industry-Tailored ERP Implementation for Growth and Compliance
Service Over Signatures: The Truth About No Lock-In IT
Service Over Signatures: The Truth About No Lock-In IT
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.

Events

Most Read Articles

Victoria Police renews decade-long IT support deal for another three years

Victoria Police renews decade-long IT support deal for another three years
Google offers new proposal to stave off EU antitrust fine

Google offers new proposal to stave off EU antitrust fine
Qld tables $1 billion for major whole-of-government tech overhaul

Qld tables $1 billion for major whole-of-government tech overhaul
NSW seeks to build unhackable netbook network

NSW seeks to build unhackable netbook network
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?