The NIST Cybersecurity Framework is guidance on how both internal and external stakeholders of organizations can manage and reduce cybersecurity risk. It lists organization-specific, customizable activities associated with managing cybersecurity risk, and it is based on existing standards, guidelines and practices.
While no set of mitigation strategies is guaranteed to protect against all cyber threats, organisations are recommended to implement eight essential mitigation strategies from the ACSC’s Strategies to Mitigate Cyber Security Incidents as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems.
ISO/IEC 27001 is a standard for information security management systems (ISMS). Additional best practices in data protection and cyber resilience are covered by more than a dozen standards in the ISO/IEC 27000 family. Together, they enable organizations of all sectors and sizes to manage the security of assets such as financial information, intellectual property, employee data and information entrusted by third parties.
Company directors should be aware that failure to adequately address cybersecurity risk, or to comply with relevant disclosure and reporting requirements, may be a breach of their directors’ duties.
Given the magnitude and prominence of cyber risk for most organisations, informed oversight of risk involves the board being satisfied that cyber risks are adequately addressed by the risk management framework of the organisation.
The ASIC good practices recommend periodic review of cyber strategy by the board of directors, using cyber resilience as a management tool, responsive corporate governance, collaboration and information sharing, third-party risk management, and implementing continuous monitoring systems.
Australia’s Cyber Security Strategy 2020 (3MB PDF)
Through the Strategy, $1.67 billion has been invested over 10 years to achieve a more secure online world for Australians, their businesses and the essential services upon which we all depend.
Copyright © 2023 Crana Consulting - All Rights Reserved.