Regulatory Compliance and Preparation

Many industries and regions are governed or guided by mature standards and guidelines to minimise Cyber, IT Security and Organisational risks. The CyberOps team is here to help.

The team has assisted many organisations to align and prepare for certifications with the following and many other standards and guidance.

Standards, guidance, industry, regulatory and legal requirements

• Australian Signals Directorate (ASD) guidelines – TOP 35 and Essential 8 Information Security Manual.
• Australian Defence Security Manual (DSM) and Protective Security Policy Framework (PSPF).
• Australian Government Information Security Manual (ISM).
• US National Institute of Standards and Technology (NIST) cybersecurity guidelines.
• Payment Card Industry Data Security Standards (PCI-DSS).
• Australian Securities & Investment Commission 26 (ASIC 26).
• US Health Insurance Portability and Accountability Act (HIPAA).
• International Standards Organisation security and risk standards such as ISO 27001/2, ISO 22301, ISO 27032, ISO 31000 and others.
• COBiT – Control Objectives for Information and related Technology.
• AS2805 – Electronic funds transfer.

• SANS and Centre for Internet Security (CIS) guidelines, hardening guides and security benchmarks.
• Open Web Application Security Project (OWASP) Web, Mobile and thick application development and testing guidelines.
• Office of the Australian Information Commissioner (OAIC) personal information security and Privacy Principles guidelines.
• Australian mandatory Notifiable Data Breach (NDB) law and EU General Data Protection Regulation (GDPR).
• Australian Prudential Regulation Authority’s (APRA’s) security and governance requirements, guidelines and standards.
• AS/NZS 4360 – Risk Management.
• Capability Maturity Model (CMM).
• Defence Signals Directorate ACSI33 (Security Guidelines for Australian Government IT Systems), Gateway Certification Guide & Evaluated Products List.

Cyber Security Health Checks

Cyber Security Health Checks of critical operating environments, organisational policies, processes and business alignment to required guidelines/standards/laws/regulatory requirements. Assesments include:

• Review and/or establishment of a Cyber Security road map or framework for the organisation, in line with industry standards/guidelines, laws and regulatory requirements.
• Review and/or establishment of Cyber Risk Management plan consistent with the Risk tolerance of the organisation and industry.

• Cyber Security Operations reviews, and assessments of processes & procedures to improve the efficiency of security operations and incident management processes.
• Disaster Recovery (DR) and Business Continuity (BC) maturity.

Specialist Assessments

• IoT Cyber Security Assessment as per Cloud Security Alliance (CSA) security guidelines, including IoT Vulnerability Assessment & Penetration Testing (VAPT).
• Australian Defence subcontractor or supplier organisational readiness reviews.

• Critical infrastructure Cyber Security Maturity Assessments: Oil and Natural Gas Cyber Security Capability maturity modeling, Electricity Cyber Security Capability maturity modeling, Water Cyber Security maturity modeling, Smart Grid Cyber Security modeling.
• SCADA / Critical Infrastructure Cyber Security Operations reviews as per critical infrastructure NIST or other related standards.