Enhance cyber security governance

Effective governance is the backbone of cyber resilience in the Queensland Government. Public sector policies must focus on effective risk management and governance frameworks to protect organisations from cyberthreats.

Objectives

  • Enhance the effectiveness of cyber security governance in organisations, project management and procurement.
  • Grow risk and governance capability, including in our complex supply chains.
  • Provide effective cyber security policies, standards and practical guidance to support and guide the sector.
  • Increase the quality and breadth of assurance provided to government on its cyber security posture.
  • Collaborate with governments and industry stakeholders to maximise our national cyber readiness.

There has been 68% growth in information security management systems in government organisations. (Queensland Audit Office, 2024)

Cyber security’s role in governance

We must adapt to the changing environment by integrating cyber security in all systems and practices.

We can integrate cyber security in our:

  • broader strategic planning processes
  • governance structures.

This means we can align cyber security objectives to our priorities:

  • protecting citizens’ privacy
  • maintaining public trust
  • maximising the resilience of services.

Effective governance means resources are distributed efficiently and strategically. It lets decision-makers allocate funding and expertise to the areas of highest risk or greatest impact, ensuring that cyber security investments deliver value.

Risk management

Data-driven decisions informed by effective risk management systems underpin strong governance. When cyber security governance systems are effective, they give executives a structure for prioritising threats based on:

  • targeting preferences
  • security vulnerabilities
  • potential impacts on government services and critical digital infrastructure.

Instilling confidence

Data and performance metrics underpin good governance frameworks. These metrics help measure the effectiveness of resource allocation. This ensures investments align with organisational needs and provide ongoing value.

Data gives evidence to Queenslanders that our:

  • systems and data are secure
  • organisations are compliant with recognised security policies and standards.

How we’ll get there

To deliver on our objectives, the Queensland Government will:

  • increase governance effectiveness and support continuous improvement in governance bodies by providing boards and executives with strategic threat intelligence, increased visibility of cyber risk and data insights
  • engage governance leads in communities of practice to share lessons, collaborate and build a shared knowledge repository within the public service
  • foster collaboration across government and industry sectors to enhance governance capability and drive innovation through new products and services and by enhancing cyber procurement
  • strengthen cyber security assurance by expanding information and cyber security policy and governance requirements to a broader range of government entities in accordance with the information and cyber security policy (IS18) and other regulatory requirements, including the Security of Critical Infrastructure Act 2018
  • strengthen risk management capabilities to enhance resilience through common services, tools, and risk management advice and guidance (including in supply chains)
  • provide actionable resources and threat intelligence to support evidence-based decision-making and effective policy implementation
  • continue to partner with the Australian Government on strategy, policy and frameworks, including through the National Cyber Steering Committee and Data and Digital Ministers, and amplify their impact
  • collaborate with other jurisdictions and industry to coordinate strategy and share timely, actionable threat intelligence
  • align and integrate Queensland’s information and cyber security policies with state and national protective security arrangements
  • leverage data from the annual IS18 return and other sources (e.g. Essential Eight dashboard pilot) to improve assessment, investment decisions, assurance and benchmarking processes.