Navigating the Incoming Cyber Reforms: A CISO’s Guide

Published by Hema Berggren, Strategy and Consulting on 23 October 2024

 

The Federal Government released a landmark legislative package to uplift cyber security regulation in accordance with the 2023-2030 Australian Cyber Security Strategy. The package proposes a new standalone Cyber Security Bill 2024 (Cyber Security Bill) and material amendments to the Security of Critical Infrastructure Act 2018 (Cth) (SOCI Act).

Translating cyber regulatory requirements into effective cyber controls across people, processes, and technology is challenging. It requires careful analysis and planning to align compliance requirements with practical cyber security measures and organisational risk management practices.

 

Cyber Security Bill

New secure-by-design standards will be imposed on the manufacturers of IoT devices. 

 

Certain businesses will be required to report ransomware payments.

 

Organisations can voluntarily report information to a National Cyber Security Coordinator (Coordinator).

 

A new Cyber Incident Review Board (CIRB) will conduct post-incident reviews of significant cyber security events.

 


 

SOCI Act Amendments

Data storage systems that hold ‘business critical data’ will be treated as part of the critical infrastructure asset. 

 

There is a revised definition of ‘protected information’.

 

The Government can issue a direction to vary Critical Infrastructure Risk Management Programs (CIRMPs). 

 

The existing Government Assistance Framework has been expanded.

 

The SOCI Act obligations have been expanded to include telcos. 

The amendments incorporate elements of the Telecommunications Sector Security Reforms (TSSR) into the SOCI Act. For more information, see our latest insight here.
