
Cyber risks
Failing to understand and mitigate cyber risk can damage your reputation, , breaches of privacy, loss of data, increase costs, give rise to legal liabilities and have other material adverse effects. With multiple access points available for attack, the best approach to cyber risk is to always assume that your digital assets are in a constant state of attack.
To combat cyber risk, you need to assume that you are a target, even if you don't know who is targeting you or for what reason. Don't get stuck in reactive mode. Focus on what can be done proactively to manage the problem before it occurs. While you rely heavily on information technology to conduct your business this is not just an IT issue.
The identification, assessment, management, reporting and monitoring of cyber risks should not be treated differently to any other risks.
LGIS understands these concerns and through our cyber program we aim to support members in improving their cyber-security practices and provide protection for losses.
The Essential 8 Framework developed by the Australian Signals Directorate (ASD) has a prioritised list of baseline security controls that organisation can implement to protect and improve their cyber-security. These eight controls can mitigate up to 85% of cyberattacks.
Cyber risk resources for members
These resources are exclusively for LGIS members, please make sure you have logged into the website before clicking on the links below:
The Essential Eight Guideline
LGIS has developed these resources to support members understanding and the implementation of the Essential Eight mitigation strategies to achieve baseline compliance against the Essential Eight framework.
The Essential Eight is a cyber security mitigation framework developed by the Australian Signals Directorate (ASD), to assist organisations in protecting themselves against cyber security threats.
Download the guideline and control checklist. The guideline is written in four sections and provides step-by-step advice on implementing each Essential Eight control to achieve the desired level. The accompanying checklist is a detailed tool to support members in assessing their current controls to identify gaps and vulnerabilities.
Cyber incident response management guideline
It's vital that local governments have a response plan in place BEFORE a cyber incident occurs.
When there is a cyber incident, time is limited and it can be incredibly stressful. It's the type of situation where decisions need to be made under pressure and individuals need to know what their roles and responsibilities are. Developing a CIRM plan supports local government leaders during a cyber incident to respond to and manage the situation effectively.
Download the guideline and templates as required. The guideline is written in three sections, with explainatory appendices. It provides step-by-step advice on preparing, developing, implementing and revieing a CIRM. It also explores important considerations including legislation, regulations and jurisdictional arrangements.