Domain categorisation of draft 2019 security principles released by ACSC - ASD
Making Cyber Security digestible for C-Level
www.davidpiercepm.com
ASCP17 Principles to protect ISM from cyber threats draft Feb 2019
1. David Pierce PM
Leadership that Delivers Results
Australian Signals Directorate
Australian Cyber Security Principles
(2019 Initial Draft)
Categorised by David Pierce PM
Risk and Cyber Security Practitioner
www.davidpiercepm.com
© David Pierce PM, adapted from ASD: https://acsc.gov.au/publications/Australian_Cyber_Security_Principles_Initial_Draft.pdf
2. ACSC 18 Principles Protecting ISM
David Pierce PM
www.davidpiercepm.com
Adapted from ASD: https://acsc.gov.au/publications/Australian_Cyber_Security_Principles_Initial_Draft.pdf
Principles - Domain Categorised 1 of 5
Leadership
1. Cyber security leadership within organisations is provided by a Chief
Information Security Officer (CISO).
Access
2. Only trusted suppliers are used to deliver and support information and
communications technology services.
3. Only trusted, and vendor-supported, applications are allowed to execute
on systems.
3. ACSC 18 Principles Protecting ISM
Principles - Domain Categorised 2 of 5
Access (cont)
4. Only trusted suppliers are used to deliver and support information and
communications technology services.
5. Only trusted, and vendor-supported, applications are allowed to execute
on systems.
6. 5. Personnel are educated and trained in cyber security matters.
7. 6. Personnel are granted the minimum access to information,
applications and systems required for their duties.
4. ACSC 18 Principles Protecting ISM
Principles - Domain Categorised 3 of 5
Access (cont)
8. Unauthorised access to systems, supporting infrastructure and facilities is
restricted.
Deployment
9. Cyber security risks are identified, managed and accepted before systems
are used in production environments.
10. Applications, services and systems are designed, developed and deployed
using secure practices.
5. ACSC 18 Principles Protecting ISM
Principles - Domain Categorised 4 of 5
Deployment (cont)
11. Applications and services are configured in a secure manner to reduce
their attack surface.
Maintenance and Control
12. Cyber security risks are identified, managed and accepted before systems
are used in production environments.
13. Applications, services and systems are designed, developed and deployed
using secure practices.
6. ACSC 18 Principles Protecting ISM
Principles - Domain Categorised 5 of 5
Maintenance and Control
12. Important information is backed up in a secure and resilient manner on a
regular basis.
13. Sensitive information is encrypted at rest and in transit between different
systems.
14. Information transferred between different systems is done so in a
controlled and auditable manner.
15. Measures are implemented to detect and respond to cyber threats and
cyber security incidents.
7. Learn more about
David Pierce PM
© David Pierce PM
My Mantra: You are only as good as the last project you led
Website www.davidpiercepm.com
Blog www.davidpiercepm.com/blog
LinkedIn www.linkedin.com/in/davidpiercepm.com
Contact Me www.davidpiercepm.com/contact
Project Portfolio www.davidpiercepm.com/capabilities
Twitter @DavidPiercePM
#Tag #DPPM