Minimum you need to do
Engage your cyber security expert early to know how to identify and managerisk.
Talk to your cyber security expert
You should have an early discussion with your cyber security expert about the service you are designing. This will ensure you identify specific security requirements that will meet agency and whole-of-government policies.
If your service is doing any of the following you must engage your agency’s cyber security team. And if so, you should consider hiring a cyber security expert for your project.
1. Implementing authentication services
2. Processing, storing or transacting any of the following types of information:
- personal or health information
- credit card - (see PCI Security Council standards)
- NSW Cabinet, NSW Health, NSW Law Enforcement or Legal Sensitive - (see NSW Government Classification, Labeling, Handling Guidelines
3. Being at risk of above medium level risk, due to loss or compromise of the system.
How to show you’ve engaged your cyber security expert
You have engaged your agency’s security expert early in the design process.
You know how to identify and manage any potential risk.