Transition to new NSW Cyber Security Policy

Doll Martin Associates is pleased to announce its Cyber Security Transition and Assurance Service. This will assist NSW agencies to transition into the new cyber security environment from the superseded NSW Digital Information Policy (DISP) policy framework.

On 1 February 2019, the NSW Cyber Security Policy replaced the DISP. It is mandated for adoption by all NSW agencies. In a significant change it requires agencies to implement the Australian Cyber Security Centre (ACSC) ‘Essential Eight’ strategies. The ‘Essential Eight’ are eight baseline security strategies, supported by a detailed set of over 850 implementable guidelines and controls that can protect against risks that threaten the agency IT systems and information .

The new Cyber Security Policy continues the practice of using an Information Security Management System (ISMS) or Cyber Security Management System (CSMS) that is compliant with a recognised standard such as ISO/IEC 27001 or ISA/IEC 62443. Agencies must still provide an Attestation Statement on cyber security in their annual reports.

The Doll Martin Associates team will work with the agency management, the CIO and ICT security team to provide a gap analysis comparing the new Cyber Security Policy against current arrangements, and identify the requirements for revising the security system. From this, we will develop a set of recommendations and a transition plan for moving into the new cyber security environment, incorporating the ‘Essential Eight’ strategies.

The Doll Martin Associates team can update your operational ICT security policies and procedures, coordinate the mandated standards audit, and draft the annual report for the NSW Government Chief Information Security Officer due by 31 August every year. We can also provide the maturity assessment against the Essential Eight and draft the new annual Attestation Statement for the CEO as required in the agency annual report. Doll Martin Associates offers optional Accredited Third-Party services to formally audit the cyber security ISMS systems for the purposes of demonstrating compliance via the Attestation Statement in the agency annual report.

The Cyber Security Transition and Assurance Service helps NSW agencies achieve a seamless transition into their new cyber security environment. The subject matter expertise of our DMA team helps to reduce research, analysis time and associated documentary costs.  Agency ICT security and user staff required for the transition can be released to other duties during the busy period at the end of the financial year.

Doll Martin Associates has an acknowledged record in working successfully with NSW agencies to attain a best practice environment for their information security capabilities, standards certification, and ICT operational policies and procedures. If you would like to discuss how Doll Martin Associates can assist your agency to transition to the NSW Cyber Security, please contact us at contact@dollmartin.com.au or via the button below.