Australian Department of Home Affairs’ Post

New Directions have been issued today under the Protective Security Policy Framework (PSPF). These Directions support the Australian Government's commitment under the 2023-2030 Australian Cyber Security Strategy to strengthen the cyber maturity of Government departments and agencies.

🔒 𝗜𝗺𝗽𝗼𝗿𝘁𝗮𝗻𝘁 𝗨𝗽𝗱𝗮𝘁𝗲: 𝗣𝗦𝗣𝗙 𝗗𝗶𝗿𝗲𝗰𝘁𝗶𝗼𝗻 - 𝗝𝘂𝗹𝘆 𝟮𝟬𝟮𝟰 🔒 Stay informed and compliant with the latest Australian updates to the Protective Security Policy Framework (PSPF). 𝙏𝙝𝙚 𝙅𝙪𝙡𝙮 2024 𝙙𝙞𝙧𝙚𝙘𝙩𝙞𝙤𝙣 𝙪𝙥𝙙𝙖𝙩𝙚 𝙞𝙣𝙘𝙡𝙪𝙙𝙚𝙨 𝙘𝙧𝙞𝙩𝙞𝙘𝙖𝙡 𝙘𝙝𝙖𝙣𝙜𝙚𝙨 𝙖𝙣𝙙 𝙚𝙣𝙝𝙖𝙣𝙘𝙚𝙢𝙚𝙣𝙩𝙨 𝙩𝙤 𝙨𝙚𝙘𝙪𝙧𝙞𝙩𝙮 𝙢𝙚𝙖𝙨𝙪𝙧𝙚𝙨 𝙖𝙣𝙙 𝙥𝙧𝙤𝙩𝙤𝙘𝙤𝙡𝙨. All organizations need to review these updates to ensure they meet the current standards and maintain the highest levels of security. 🔹 𝗞𝗲𝘆 𝗛𝗶𝗴𝗵𝗹𝗶𝗴𝗵𝘁𝘀: - Enhanced security protocols - Updated compliance requirements - New guidelines for managing security risks Ensure your organization is up-to-date with the latest PSPF direction. Read more: PSPF Direction Update - July 2024 (https://lnkd.in/gipup3H8) #Security #PSPF #ProtectiveSecurity #Compliance #PolicyUpdate #StayInformed #SecurityMeasures #RiskManagement #OrganizationalSecurity

There are three new mandatory Directions under the PSPF issued on 5 July 2024: 001-2024. Managing Foreign Ownership, Control or Influence Risks in Technology Assets - to identify and manage risks related to the procurement and maintenance of technology assets 002-2024. Technology Assets Stocktake - for Internet-facing systems and services 003-2024. Supporting Visability of the Cyber Threat - compulsory participation in the ASD’s Cyber Security Partnership Program I can only find one other previous Direction (001-2023), on the TikTok application, issued in April 2023. Although Directions do not change PSPF policy, they are compulsory for a Government entities accountable authority to adhere to. #PSPF #ASD #Cybersecurity

Addional directions to better manage risks to AU govt entities and share threat intelligence.

The Essential Eight, a set of security strategies developed by the Australian Signals Directorate (ASD), serves as a comprehensive framework to mitigate cyber threats effectively. Compliance with the Essential Eight is a proactive step towards building a secure digital environment and upholding the trust and integrity of online operations. This article lists Airlock Digital compliance statements with the Essential Eight Security Model for #ApplicationControl

Vide newly released Cyber Security Strategy 2030 by Australian Government. The Australian Government will work with industry to reinforce six shields and build our national cyber resilience. 1. Strong businesses and citizens Our citizens and businesses are better protected from cyber threats, and can recover quickly following a cyber attack. 2. Safe technology Australians can trust that their digital products and services are safe, secure and fit for purpose. 3. World-class threat sharing and blocking Australia has access to real-time threat data, and we can block threats at scale. 4. Protected critical infrastructure Our critical infrastructure and essential government systems can withstand and bounce back from cyber-attacks. 5. Sovereign capabilities Australia has a flourishing cyber industry, enabled by a diverse and professional cyber workforce. 6. Resilient region and global leadership Australia’s region is more cyber resilient and will prosper from the digital economy. We will continue to uphold international law and norms and shape global rules and standards in line with our shared interests.

Very glad that our updated National Cyber Security Strategy is now officially out. I look forward to really getting into the detail of it over the coming days (64 pages is a dedicated but important read!). One of my immediate "likes" is the stated aspiration of establishing an industry code of practice for incident response providers (Shield 1 Initiative 6 on pages 25-26). In my career I have been called into a live scenario on many occasions where the "incident responder" is not that at all, and at best can be described as a systems administrator who perhaps dabbles in security or "knows and understands the environment". In my view, this isn't good enough. We need Australian businesses to easily identify the specialists in this field, and know why, how and when to call them. As the Strategy reiterates and I agree, "When a cyber incident occurs, every moment matters". I look forward to seeing how this aspect of the Strategy evolves and NSB Cyber looks forward to being a part of the Cyber Response & Recovery and Cyber Defence solution for Australian businesses. #NoStepsBackward

Clearly, the strategy is focusing on the relevant issues that need to be addressed now, with a timeframe and objectives that make sense for the next seven years.

Australian Government released the 2023-2030 Australian Cyber Security Strategy; however, more importantly, it released the Action Plan in which you can find concrete steps, timeline, and responsible entities. I can't wait to dig in. 

Things are starting to move quickly in cyber strategic defensive and regulatory measures in Oz. Looking forward to seeing how this will help small businesses and not-for-profits become better equipped to defend against cyber attacks, but also make them more cyber savvy and able to remain calm in a crisis - as we all know it is never if, but when, you will be targeted. With this, now we are only waiting on the changes to the Privacy Act to see how everything can work in collaboration towards a more cyber-aware Australia!