Cyber Security Risk Tool


The Department of Defence and defence industry businesses expect their suppliers to understand cyber risk and have adequate cyber security. You can use the Cyber Security Risk Tool to determine if your business is a likely target for cyber attacks and the maturity of your current cyber security practices.

Australian Cyber Security Centre


cyber.gov.au

cyber.gov.au is the Australian Cyber Security Centre’s (ACSC) coordinated end-to-end advice, reporting and response platform. Resources for individuals and businesses are available on the site, including a number of key resources highlighted below.

Australian Government Information Security Manual

The Australian Cyber Security Centre within the Australian Signals Directorate produces the Australian Government Information Security Manual (ISM). The purpose of the ISM is to outline a cyber security framework that businesses can apply, using their risk management framework, to protect their information and systems from cyber threats.

Strategies to Mitigate Cyber Incidents resource

The ACSC’s Strategies to Mitigate Cyber Incidents includes the ASD’s Top 4 and Essential Eight strategies, and has useful advice for businesses to protect themselves against targeted cyber intrusions.

US cyber requirements


Protecting Controlled Unclassified Information

The National Institute of Standards and Technology (NIST) Special Publication 800-171 Protecting Controlled Unclassified Information provides guidance for non-US Government information systems and organisations. Many US primes are asking suppliers to demonstrate compliance against the controlled unclassified information security requirements. The linked page also points to supporting materials and publications. NIST is a US body that establishes measurements and standards for the use of technologies.

NIST Cyber Security Framework

The NIST Cyber Security Framework is a US-based framework used by many organisations. It is a prioritised, flexible, repeatable and cost-effective framework to help manage cyber security-related risks. Although initially written for critical infrastructure, it is a useful reference for defence businesses.

The fundamentals of small business information security

NIST Small Business Information Security: The Fundamentals has been written for small business owners not experienced in cybersecurity. This guide uses non-technical language to explain basic steps you can take to improve information security.

UK cyber requirements


UK Cyber Essentials

UK Cyber Essentials is a UK Government initiative aimed at helping organisations protect themselves against common cyber attacks.

UK 10 Steps to Cyber Security

The UK 10 Steps to Cyber Security is a UK Government initiative that sets out 10 simple steps for businesses to improve their cyber security capability.