Useful Links

NSW Government

State Owned Corporations Act 1989 (https://www.legislation.nsw.gov.au/#/view/act/1989/134)

State Records Act 1998 (https://www.legislation.nsw.gov.au/#/view/act/1998/17)

Privacy and Personal Information Protection Act 1998 https://www.legislation.nsw.gov.au/view/html/inforce/current/act-1998-133

Health Records and Information Privacy Act 2002 (https://www.legislation.nsw.gov.au/#/view/act/2002/71)

Government Information (Public Access) Act 2009 (https://www.legislation.nsw.gov.au/#/view/act/2009/52)

Government Sector Employment Act 2013 https://www.legislation.nsw.gov.au/view/html/inforce/current/act-2013-040

Data Sharing (Government Sector) Act 2015 (https://www.legislation.nsw.gov.au/#/view/act/2015/60/full)

The NSW State Infrastructure Strategy 2018-2038 (https://www.nsw.gov.au/improving-nsw/projects-and-initiatives/nsw-state-infrastructure-strategy/)

NSW Government Cyber Incident Emergency Sub Plan (https://www.emergency.nsw.gov.au/Documents/plans/sub-plans/cyber-security-incident-sub-plan.pdf)

Internal Audit and Risk Management Policy for the General Government Sector (TPP20-08) https://www.treasury.nsw.gov.au/information-public-entities/governance-risk-and-assurance/internal-audit-and-risk-management

Department of Customer Service

NSW Government Information Classification Guidelines (https://www.digital.nsw.gov.au/policy/managing-data-information/information-classification-handling-and-labeling-guidelines)

NSW Government Cyber Security Strategy (https://www.digital.nsw.gov.au/sites/default/files/NSW%20Cyber%20Security%20Strategy%202018.pdf)

Managing data and information, 2013 (https://www.digital.nsw.gov.au/support-services/data-information/managing-data-information)

DCS-2020-05 Cyber Security NSW directive – Practice Requirements for NSW Government https://arp.nsw.gov.au/dcs-2020-05-cyber-security-nsw-directive-practice-requirements-for-nsw-government

DCS-2021-02 NSW Cyber Security Policy https://arp.nsw.gov.au/dcs-2021-02-nsw-cyber-security-policy/

Information and Privacy Commission NSW

Guidance on Data Breaches, May 2018 (https://www.ipc.nsw.gov.au/data-breach-guidance)

NSW Audit Office

Detecting and responding to cyber security incidents https://www.audit.nsw.gov.au/our-work/reports/detecting-and-responding-to-cyber-security-incidents-

NSW Treasury

Risk management toolkit (https://www.treasury.nsw.gov.au/information-public-entities/governance-risk-and-assurance/internal-audit-and-risk-management/risk)

State Archives and Records Authority of NSW

Standard on Records Management, 2018 (https://www.records.nsw.gov.au/recordkeeping/rules/standards/records-management)

Using cloud computing services: implications for information and records management, 2015 (https://www.records.nsw.gov.au/recordkeeping/advice/using-cloud-computing-services)

Storage of State records with service providers outside of NSW, 2015 (https://www.records.nsw.gov.au/recordkeeping/advice/storage-and-preservation/service-providers-outside-nsw)

Australian Government – Home Affairs

Security of Critical Infrastructure Act 2018 (https://www.homeaffairs.gov.au/about-us/our-portfolios/national-security/security-coordination/security-of-critical-infrastructure-act-2018)

Australia’s Cyber Security Strategy, 2020 (https://cybersecuritystrategy.homeaffairs.gov.au/)

Australian Government - Attorney-General’s Department

The Protective Security Policy Framework (https://www.protectivesecurity.gov.au/Pages/default.aspx)

Relevant Australian and international standards (https://www.protectivesecurity.gov.au/resources/Pages/relevant-australian-and-international-standards.aspx)

Australian Government - Australian Signals Directorate

Information Security Manual (https://acsc.gov.au/infosec/ism/)

Australian Government – Office of the Australian Information Commissioner

Australian Privacy Principles guidelines, 2014 (https://www.oaic.gov.au/privacy/australian-privacy-principles-guidelines/)

International Organization for Standardization

ISO 22301 Societal Security – Business continuity management systems – Requirements (https://www.iso.org/standard/50038.html)

ISO 27031 Information technology – Security techniques – Guidelines for information and communication technology readiness for business continuity (https://www.iso.org/standard/44374.html)

ISO 27032 Information technology – Security techniques – Guidelines for cybersecurity (https://www.iso.org/standard/44375.html)

National Institute of Standards and Technology

Framework for Improving Critical Infrastructure Cybersecurity (https://www.nist.gov/cyberframework)

New Zealand National Cyber Security Centre

Introduction: Cyber security governance https://www.ncsc.govt.nz/assets/NCSC-Documents/NCSC-Charting-Your-Course-Governance-Intro-Nov-2019.pdf

Step One: Building a culture of cyber resilience https://www.ncsc.govt.nz/assets/NCSC-Documents/NCSC-Charting-Your-Course-Governance-Step-1-Nov-2019.pdf

Step Two: Establishing roles and responsibilities https://www.ncsc.govt.nz/assets/NCSC-Documents/NCSC-Charting-Your-Course-Governance-Step-2-Nov-2019.pdf

Step Three: Holistic risk management https://www.ncsc.govt.nz/assets/NCSC-Documents/NCSC-Charting-Your-Course-Governance-Step-3-Nov-2019.pdf

Step Four: Cyber security collaboration https://www.ncsc.govt.nz/assets/NCSC-Documents/NCSC-Charting-Your-Course-Governance-Step-4-Nov-2019.pdf

Step Five: Create a cyber security programme https://www.ncsc.govt.nz/assets/NCSC-Documents/NCSC-Charting-Your-Course-Governance-Step-5-Nov-2019.pdf

Step Six: Measuring resilience https://www.ncsc.govt.nz/assets/NCSC-Documents/NCSC-Charting-Your-Course-Governance-Step-6-Nov-2019.pdf