JavaScript is required

Cyber Security Incident Management Plan

The Victorian Government Cyber Security Incident Management Plan provides important information about how the Victorian Public Sector will respond to cyber security incidents.

Cyber security threat

Cyber security incidents are a serious threat to Victorians. They happen more often and are more complex than ever before.

It is no longer a case of ‘if’ but ‘when’ a cyber security incident will occur. The Victorian Government needs to plan to protect Victorians.

Cyber security plans

Responding to cyber security compromises across all levels of severity requires different plans. All plans work together. Each plan focuses on a different audience and covers the different severities of cyber security compromise:

The Department of Government Services has prepared a plan that covers cyber security emergencies. That is the State Emergency Management Plan Cyber Security Sub-Plan. The State Crisis and Resilience Council approved it on 29 November 2023. It is published on the Emergency Management Victoria website.

The Department of Government Services also leads the state’s cyber security incident arrangements. The Department of Government Services has prepared the Cyber Security Incident Management Plan in consultation with other government stakeholders. The State Crisis and Resilience Council approved it on 10 October 2024.

It covers the 3 types of non-emergency cyber security incidents which need a Whole of Victorian Government response. These include limited, major and critical cyber security incidents.

Each department and agency is in charge of how they respond to an incident. They each have their own internal plan. The Department of Government Services maintains an optional Cyber Security Incident Response Plan template to support you to prepare your own internal plan. Cyber security incident response plans work alongside the Cyber Security Incident Management Plan and State Emergency Management Plan Cyber Security Sub-Plan.

Audience of the Cyber Security Incident Management Plan

This Cyber Security Incident Management Plan is primarily written for Victorian departments and government agencies to use. In this plan, the term ‘departments and government agencies’ covers:

  • public service bodies, including all Victorian Government departments
  • government agencies
  • public entities
  • special and exempt bodies
  • public sector infrastructure owners and operators.

Victoria’s councils are encouraged to adopt the plan.

All other stakeholders can consider the plan to see how it might be useful in setting out internal roles and responsibilities.

Download the Victorian Government Cyber Security Incident Management Plan

Cyber Security Incident Management Plan
PDF 1.34 MB
(opens in a new window)
Cyber Security Incident Management Plan
Word 1.78 MB
(opens in a new window)

Download an optional Cyber Security Incident Response Plan template

The Department of Government Services is currently updating this template to align with the updated Cyber Security Incident Management Plan and State Emergency Management Plan Cyber Security Sub-Plan.

The new template will be published here shortly.

Contact Us

If you need help responding to a cyber security incident, contact the Cyber Incident Response Service:

Updated

Back to top