Key documents


The Department of Broadband, Communication and the Digital Economy (DBCDE) participates in the Australian Government's Critical Infrastructure Resilience (CIR) activities through the Trusted Information Sharing Network (TISN), which is led by the Attorney-General's Department.

Under the TISN, the DBCDE provides secretariat and program support to the Communications Sector Group (CSG) and the IT Security Expert Advisory Group (ITSEAG) and its working group, the Supervisory Control and Data Acquisition Community of Interest (SCADA CoI).

The following key documents, released by the CSG, ITSEAG or the SCADA CoI respectively, are located on the TISN website under Publications. Other critical infrastructure resilience information is also available on the TISN website.

Communications Sector Group (CSG):

Remote Access: A Tool to Support Business Continuity

This report provides guidance to managers of business continuity and information and communications technology, particularly within critical infrastructure sectors, on the use of remote access to minimise the negative impact of a prolonged emergency. It also outlines a number of variables that may affect the resilience of remote access systems and the underpinning telecommunications network in a prolonged emergency.

IT Security and Expert Advisory Group (ITSEAG):

Mobile device security

The Mobile Device Security report provides advice to the owners and operators of critical infrastructure on enhancing their security when incorporating mobile devices (such as PDAs and smartphones) into their information systems.

Secure your information: Information security principles for enterprise architecture

This report provides a set of information security principles to assist organisations to protect and secure their information assets and achieve regulatory compliance.

The abridged version, for CEOs and CIOs, summarises sound industry practice and provides practical tips and guidance.

Defence-in-depth

This report provides a practical approach for developing layered security. The report cross-references the guiding principles and recommendations contained in the Secure your information: Information security principles for enterprise architecture report. Abridged versions, specifically for CEOs, CIOs and CSOs, are also available.

User-access management

This report and its abridged versions, specifically for CEOs, CIOs and CSOs, contain guidance on:

  • user provisioning and de-provisioning (people)
  • operational management of user-access (processes)
  • technical-access controls (technology).

The report complements the broader Defence-in-depth and Secure your information: Information security principles for enterprise architecture reports, which provide guidance on appropriate strategies for mapping and understanding the layers of information that need protection and a practical approach for developing layered security.

Wireless security

This report and technical appendix were developed for CEOs and CIOs. Wireless technologies offer a number of benefits but there are security weaknesses. The papers review risks associated with using wireless and canvass controls to consider when implementing and using wireless.

Security Information in an Outsourcing Environment: Guide for Critical Infrastructure Providers

This report was developed as a tool to assist industry practitioners to enhance their security measures when outsourcing their IT functions, and in particular with regard to Cloud Computing.

An abridged version for CIOs, CSOs and other senior executives is also available.

IT Security Governance

The report examines the drivers, risks and threats to IT security. It also provides a security governance framework for enterprises to follow to develop or enhance IT governance. The executive summary papers for CEOs and CIOs summarise sound practice and provide practical tips and case studies. This report is closely aligned with Secure your information: Information security principles for enterprise architecture.

Managing Denial of Service attacks

The report outlines the potential impact on a business's bottom line and delivers pragmatic advice on managing identified risks. The report's executive summary papers for CEOs and CIOs summarise sound practice in industry and provide practical tips and case studies.

Supervisory Control and Data Acquisition Community of Interest (SCADA CoI):

SCADA security - Advice for CEOs

This paper identifies emerging electronic threats to the security of SCADA systems and some of the issues CEOs should consider in protecting their SCADA systems.

Good practice guides for SCADA/control systems and networks

The SCADA CoI, a working group of the ITSEAG, has developed Good Practice Guides (GPGs) which are available from the secure SCADA area of the TISN website.

To access these GPGs you will need to log in using a TISN ID and password, which requires completion of a TISN Confidentiality Deed and conditions of access forms. Contact scada@dbcde.gov.au or telephone 02 6271 1860 for further information.

The guides available are:

  • Hardening of SCADA ICT systems
  • Monitoring of SCADA networks.

Link: Trusted Information Sharing Network

 
 
 
 
Document ID: 70628 | Last modified: 21 December 2011, 10:36am