The Department of Broadband, Communication and the Digital Economy (DBCDE) participates in the Australian Government's Critical Infrastructure Resilience (CIR) activities through the Trusted Information Sharing Network (TISN), which is led by the Attorney-General's Department.
Under the TISN, the DBCDE provides secretariat and program support to the Communications Sector Group (CSG) and the IT Security Expert Advisory Group (ITSEAG) and its working group, the Supervisory Control and Data Acquisition Community of Interest (SCADA CoI).
The following key documents, released by the CSG, ITSEAG or the SCADA CoI respectively, are located on the TISN Website under Publications. Other critical infrastructure resilience information is also available on the TISN website.
Communications Sector Group (CSG):
Remote Access: A Tool to Support Business Continuity
This report provides guidance to managers of business continuity and information and communications technology, particularly within critical infrastructure sectors, on the use of remote access to minimise the negative impact of a prolonged emergency. It also outlines a number of variables that may affect the resilience of remote access systems and the underpinning telecommunications network in a prolonged emergency.
IT Security and Expert Advisory Group (ITSEAG):
Mobile device security
The Mobile Device Security report provides advice to the owners and operators of critical infrastructure on enhancing their security when incorporating mobile devices (such as PDAs and smartphones) into their information systems.
Secure your information: Information security principles for enterprise architecture
This report provides a set of information security principles to assist organisations to protect and secure their information assets and achieve regulatory compliance.
The abridged version, for CEOs and CIOs, summarises sound industry practice and provides practical tips and guidance.
This report provides a practical approach for developing a layered approach to security. The report cross-references the guiding principles and recommendations contained in the Secure your information: Information security principles for enterprise architecture report. Abridged versions, specifically for CEOs, CIOs and CSOs, are also available.
This report and its abridged versions, specifically for CEOs, CIOs and CSOs, contain guidance on:
- user provisioning and de-provisioning (people)
- operational management of user-access (processes)
- technical-access controls (technology).
The report complements the broader Defence-in-depth and Secure your information: Information security principles for enterprise architecture reports, which provide guidance on appropriate strategies for mapping and understanding the layers of information that need protection and a practical approach for developing layered security.
This report and technical appendix were developed for CEOs and CIOs. Wireless technologies offer a number of benefits but there are security weaknesses. The papers review risks associated with using wireless and canvass controls to consider when implementing and using wireless.
Security Information in an Outsourcing Environment: Guide for Critical Infrastructure Providers
This report was developed as a tool to assist industry practitioners to enhance their security measures when outsourcing their IT functions, in particular with regard to Cloud Computing.
An abridged version for CIOs, CSOs and other senior executives is also available.
IT Security Governance
The report examines the drivers, risks and threats to IT security. It also provides a security governance framework for enterprises to follow to develop or enhance IT governance. The executive summary papers for CEOs and CIOs summarise sound practice and provide practical tips and case studies. This report is closely aligned with Secure your information: Information security principles for enterprise architecture.
Managing Denial of Service attacks
The report outlines the potential impact on businesses' bottom line and delivers pragmatic advice on managing identified risks. The report's executive summary papers for CEOs and CIOs summarise sound practice in industry and provide practical tips and case studies.
Supervisory Control and Data Acquisition Community of Interest (SCADA CoI):
SCADA security - Advice for CEOs
This paper identifies emerging electronic threats to the security of SCADA systems and some of the issues CEOs should consider in protecting their SCADA systems.
Good practice guides for SCADA/control systems and networks
The SCADA CoI, a working group of the ITSEAG, has developed Good Practice Guides (GPGs) which are available from the secure SCADA area of the TISN website.
To access these GPGs you will need to log in using a TISN ID and password, which requires completion of a TISN Confidentiality Deed and conditions of access forms. Contact firstname.lastname@example.org or telephone 02 6271 1860 for further information.
The guides available are:
- Hardening of SCADA ICT systems
- Monitoring of SCADA networks.