With Australian cybersecurity standards in their ‘infancy’, industry seeks clarity

There are more cybersecurity standards and resilience frameworks than people to implement them, pointing to a need for harmonisation and aggregation.


Evoking the bon mot that “the great thing about standards is that there are so many to choose from,” Sydney-based consultancy InConsult has debuted a new cyberresilience framework—just weeks after a New South Wales government strategic report called for better alignment among cybersecurity standards covering various industry sectors.

Developed by reviewing a broad range of cybersecurity and risk-management frameworks, InConsult’s six-element Cyber Resilience Framework leans heavily on governance as its first and most fundamental element, calling for a “formal and proactive governance framework” that lays down the organisation’s “intent, commitment, practices, plans, and responsibilities for achieving cyberresilience”.

The Cyber Resilience Framework

The framework highlights the need for cyberresilience to be addressed as a board priority, not at the IT level, with clear delineation of roles and responsibilities fostering ongoing board engagement. Formal risk assessments must be used, incorporating a range of factors including the value of information, existing control layers, and their effectiveness.

The six stages are divided into pre-incident (detect, identify, protect) and post-incident (refine, respond, recover) stages—helping organisations formulate a consistent and all-encompassing response in the event of a cybersecurity incident.
