QGEA Cyber security management
Queensland Government executives are responsible for establishing strategic and operational risk management arrangements that address cyber threats to portfolio service delivery and are accountable for attesting to the cyber security posture of their organisation.
Integrating security risks from an ISMS into corporate governance and risk management systems is a fundamental part of the Queensland Government Information security policy (IS18). IS18 is supported by a range of better practice resources that can help executives understand their obligations and ensure cyber risks are managed appropriately. It is important that executives understand the critical information assets their business holds and the impact to the business if they were to be compromised, obtain appropriate cyber security assurance, and ensure adequate preparedness in the event of a cyber security incident.
Mandated policies in this category
Policy | June 2019–current | Current, Mandated
Identifying and managing risks to information, applications and technologies, through their lifecycle, using Information Security Management Systems.
Requirements
- Departments must implement an ISMS based on ISO 27001.
- Departments must apply a systematic and repeatable approach to risk management.
- Departments must meet minimum security requirements.
- Departments' accountable officers must obtain security assurance for systems.
- Accountable officers must attest to the appropriateness of departmental information security.
Policy | April 2023–current | Current, Mandated
The purpose of this policy is to help departments manage the risks associated with the TikTok application and provide consistency with the federal government policy.
Requirements
- Agencies must ensure that the TikTok application is not installed on any government-owned device.
Additional QGEA guidance to consider