Cyber security obligations and better practice
The Information security policy (IS18) is the primary policy for information security in the Queensland Government. It is supported by various frameworks, standards, and guidelines under the Queensland Government Enterprise Architecture (QGEA).
The following cyber security policies, guidelines and standards help Queensland Government entities easily find and navigate available best practice resources, understand their obligations, and improve cyber security. The resources below are divided into three key categories:
- QGEA cyber security mandatory documents – the core QGEA information and cyber security documents, which are a mandatory requirement under the Information security policy.
- QGEA cyber security better practice – the range of associated non-mandatory documents in the information and cyber security space under the QGEA.
- Other related documents – related QGEA documents, as well as other relevant and trusted local, national and international better practice resources that can supplement cyber security advice.
QGEA cyber security mandatory document
Other related documents
- Australian Government Protective Security Policy Framework
- ISO31000 Risk Management (government employees learn how to access ISO standards for Cyber security)
- Queensland Treasury - A Guide to Risk Management
- National Institute of Standards and Technology Cyber Security Framework
- Queensland Government Specific Purpose Planning Requirements – Mandatory and discretionary planning
- Queensland Audit Office - Cyber risk: what do we do now?
QGEA cyber security mandatory document
- ISO 27001 – Information Security Management Systems (government employees learn how to access ISO standards for Cyber security)
QGEA cyber security mandatory document
QGEA cyber security better practice
Other related documents
- QGEA Records governance policy
- QGEA Information access and use policy (IS33)
- QGEA Information asset custodianship policy
- QGEA Digital and ICT strategic planning framework
- QGEA Information sharing authorising framework
- Information Privacy Act 2009 (Qld)
- Public Records Act 2002 (Qld)
- Queensland Cabinet Handbook
- ABS Data Quality Framework
- National Archives US - Developing and Using Security Classification Guides
- Australian Signals Directorate Information Security Manual
- Australian Government Protective Security Policy Framework
QGEA cyber security mandatory document
QGEA cyber security better practice
Other related documents
- QGEA Federated identity policy
- Information Privacy Act 2009 (Qld)
- Australian Government Gatekeeper Public Key Infrastructure Framework
- NIST Special Publication 800-63B, Digital Identity Guidelines, Section 4
- Office of the Information Commissioner Privacy Impact Assessment
- National Identity Proofing Guideline
- Australian Government Trusted Digital Identity Framework
- QGEA Federated Identity Blueprint
QGEA cyber security mandatory document
Other related documents
- Australian Signals Directorate Information security manual
- Australian Government Protective Security Policy Framework
- National Institute of Standards and Technology (NIST) FIPS 140-3 Security Requirements for Cryptographic Modules
- NIST SP800-53 Security and Privacy Controls for Information Systems and Organisations
- NIST SP 800-57 Recommendation of Key Management Pt. 1 section 5.1.1
QGEA cyber security mandatory document
QGEA cyber security better practice
Other related documents
QGEA cyber security mandatory document
QGEA cyber security better practice
- Vocabulary for event recording and incident sharing framework overview
- Incident reporting - manual form and example
- Incident management guideline
- Executive guide to security incident management
- Ransomware guideline
- Business continuity management and ICT disaster recovery implementation factsheet
- ICT asset disaster recovery planning guideline
Other related documents
Other related documents
- ISO 27036-1 – Supplier relationships – Part 1: Overview and concepts
- ISO 27036-2 – Supplier relationships – Part 2: Requirements
- ISO 27036-3 – Supplier relationships – Part 3: Overview and concepts
- ISO 27036-4 – Supplier relationships – Part 4: Overview and concepts
Government employees learn how to access ISO standards for Cyber security.
QGEA cyber security mandatory document
QGEA cyber security better practice
- Email spoofing protection guideline
- Reducing password frustration for Queensland public servants’ guideline
- Web application security testing guideline
- Deployment of intrusion, detection and prevention systems Guideline
- Vulnerability management guideline
- Vulnerability disclosure guideline
Other related documents
- Australian Signals Directorate blueprint for a secure cloud
- ISA/IEC 62443 Secure industrial automation and control systems
- Australian Signals Directorate Principles of operational technology cyber security
- Australian Signals Directorate Travelling With Mobile Devices
QGEA cyber security better practice
For assistance and guidance in implementing the cyber security policy suite, or to suggest inclusions, please contact cybersecurityunit@qld.gov.au.
To be involved in the cyber security policy review, join the QGEA Reference Group Viva Engage network.