QGEA Cyber security management
Queensland Government executives are responsible for establishing strategic and operational risk management arrangements that address cyber threats to portfolio service delivery and are accountable for attesting to the cyber security posture of their organisation.
Integrating security risks from an Information Security Management System (ISMS) into corporate governance and risk management systems is a fundamental part of the Queensland Government Information security policy (IS18). IS18 is supported by a range of better practice resources that can help executives understand their obligations and ensure cyber risks are managed appropriately. It is important that executives understand the critical information assets their business holds and the impact to the business if those assets were compromised, obtain appropriate cyber security assurance, and ensure adequate preparedness in the event of a cyber security incident.
Mandated policies in this category
Policy | February 2025–current | Status: Current, Mandated
Identifying and managing risks to information, applications and technologies, through their lifecycle, using Information Security Management Systems.
Requirements
- Agencies must implement an ISMS based on ISO 27001.
- Agencies must apply a systematic and repeatable approach to security risk management.
- Agencies must meet minimum information security requirements.
- Accountable officers must obtain security assurance for systems.
- Accountable officers must attest to the appropriateness of agency information security.
Additional QGEA guidance to consider