08 Feb Department of Finance, Services & Innovation implements new cyber security policy

Strong cyber security is an important component of the NSW Digital Government Strategy.

The NSW Department of Finance, Services and Innovation (DFSI) has implemented a Cyber Security Policy to replace the NSW Digital Information Security Policy 2015.

The NSW Cyber Security Policy (the policy) replaces the NSW Digital Information Security Policy 2015 and is part of the action plan outlined in the 2018 NSW Cyber Security Strategy. Key improvements include strengthening cyber security governance, identifying an Agency’s most valuable or operationally vital systems or information (also called the “crown jewels”), strengthening cyber security controls, developing a cyber security culture across all staff, working across government to share security and threat intelligence and a whole of government approach to cyber incident response.

Agencies must establish effective security policies and procedures and embed cyber security into risk management practices and assurance processes. When security risk management is done well, it underpins organisational resilience because entities know their security risks, make informed decisions in managing those risks, identify opportunities and continuously improve. This is reinforced with meaningful training, communications and support across all levels of the Agency.

The mandatory requirements are:

• Planning and Governance
• Cyber Security Culture / Awareness
• Manage Cyber Security Risks
• Resilience against cyber attack
• Report against the requirements

When security risk management is done well, it underpins organisational resilience because entities know their security risks, make informed decisions in managing those risks, identify opportunities and continuously improve.

Sense of Security has the full range of services and products to assist NSW agencies. For more information visit our NSW Department of Finance, Science and Innovation – New Cyber Policy page.