The Australian Institute of Company Directors (AICD) and the Cyber Security Cooperative Research Centre (CSCRC) have released a new set of governance principles to help organisations strengthen their cyber security.
Recent cyber incidents at Optus and Medibank are a timely reminder of the importance of cyber security, and the need for boards to have clear guidance on how to best protect their organisation’s data, and most importantly the data of their customers and clients. Schools are not immune from these attacks, as experience in recent years has shown.
The Principles have been informed by extensive consultation with government, industry experts and the director community. They provide a practical framework for effective board oversight across five key areas:
- Roles and responsibilities
- Cyber strategy development and evolution
- Incorporating cyber into risk management
- Building a cyber resilient culture
- Preparing and responding to a significant cyber incident
The Principles will enable directors of organisations of all sizes to ask the right questions of management, spot red flags in how cyber security risk is being managed, promote a culture of cyber security resilience, and prepare for and respond effectively to significant cyber security incidents. The Principles draw on the insight of senior Australian directors, cyber security advisors and government.
For SME and NFP directors there is a checklist of practical low-cost steps to enhance cyber security resilience, which may be of particular value to schools.
For more information on these Principles check out the AICD website here.