All government agencies must now appoint a Chief Information Security Officer (CISO) to oversee cyber security efforts, says the Australian Department of Home Affairs.
The mandatory appointment of CISOs is part of a few Protective Security Policy Framework (PSPF) changes that were approved by the Government Security Committee in late August.
The minimum qualifications for the CISO position may vary according to the size and needs of the organisation’s cyber security structure. However, they will need hold a minimum Negative Vetting Level 1 security clearance.
“The CISO does not have to be appointed at the SES level – the role is best performed by an officer with the appropriate combination of experience, technical skills and other skills such as business acumen, leadership, communications and relationship building,” the policy noted.
The Australian Government relies on the Protective Security Policy Framework (PSPF) as a vital security blueprint and asset. This framework not only outlines government security policies but also offers guidance to assist Australian government bodies in effectively putting these policies into practice.
Any non-corporate entities within the Commonwealth government, which fall under the purview of the Public Governance, Performance, and Accountability Act 2013, are obligated to adhere to and implement the PSPF.