Gov agencies need to have a CISO

Under rule changes made late last month.

Almost 100 federal government entities will need to have a designated chief information security officer (CISO) under revised rules agreed late last month.

The rule impacts the 99 non-corporate Commonwealth entities (NCEs) that are required to adhere to the Protective Security Policy Framework (PSPF).

PSPF policy amendments impose minimum security clearance requirements on chief security officers (CSOs), while also requiring the specific appointment of a CISO.

“The requirement to appoint a CISO is not expected to impose additional burden on entities as the CSO is currently required to oversee cyber security,” Home Affairs, which has oversight of the PSPF, said in a statement.

The CISO also “does not have to be appointed at the SES [senior executive service] level”, Home Affairs said.

“The role is best performed by an officer with the appropriate combination of experience, technical skills and other skills such as business acumen, leadership, communications and relationship building,” it added.

Corporate Commonwealth entities and wholly-owned Commonwealth companies aren’t required to meet the PSPF, but are meant to view it as “better practice”, according to an audit of the framework last year.

Copyright © iTnews.com.au. All rights reserved.