JavaScript is required

Cyber security standards and guidelines

Boost your cyber security using these standards, guidelines and tips.

Information Technology Asset Management Guidance

Managing Victorian Government IT infrastructure and applications effectively is critical to reducing cyber security risk. To improve the way, we manage Victorian Government IT assets, best practice guidance has been developed.

Good IT asset management contributes to better cybersecurity in an organisation to help manage the threat of:

  • data theft from lost IT assets
  • ransomware attacks
  • unmaintained assets become unavailable due to lack of maintenance
  • exposure to outdated legacy systems which may have vulnerabilities

Access the Information Technology Asset Management Guidance.

Victorian Protective Data Security Framework and Standards

The Victorian Protective Data Security Framework and Standards (VPDSF) is the overall scheme for managing protective data security risks in Victoria’s public sector.

The VPDSF consists of the:

You can contact the Office of the Victorian Information Commissioner for advice on the applicability of the VPDSF to your Victorian Government organisation.

Australian Government Information Security Manual

This Information Security Manual (ISM) helps organisations to protect their information and systems from cyber threats.

These guidelines are intended for:

  • chief information security officers (CISOs)
  • chief information officers (CIOs)
  • cyber security professionals
  • information technology managers

Access the Australian Government Information Security Manual (produced by the Australian Cyber Security Centre.)

The 'Essential Eight'

The Australian Cyber Security Centre has compiled a list of mitigation strategies, known as The Essential Eight that organisations can use as starting points to improve their cyber resilience. These should be implemented as a baseline where possible.

Implementing these 8 strategies proactively can be more cost-effective in terms of time, money and effort than responding to a successful large-scale cyber security incident.

The Essential Eight are:

  1. Application whitelisting - Whitelist approved and trusted programs to prevent the execution of unapproved or malicious programs from executing.
  2. Patching applications - Perform regular patching/updating of applications in your network.
  3. Office macros - Configure Microsoft Office products to block the execution of un-trusted macros.
  4. Harden user applications - Tightly control applications that have the ability to perform unwanted or potentially vulnerable actions.
  5. Restrict administrative privileges - Restrict administrative privilege for operating systems and applications based on user duties.
  6. Patch operating systems – Routinely patch and upgrade your operating systems to the latest versions.
  7. Use multi-factor authentication - Set up multi-factor authentication to provide higher authentication assurance for privileged, power and remote user access.
  8. Backup daily – Create regular backups of your most important data and configuration settings to help you recover quickly from a disruption. Keep backups on a device that is not connected to your network.

Cloud security guidelines

The cloud security guidelines are intended to support Victorian Government organisations in making informed, risk-based decisions about the use of cloud services.

They are targeted at general management, cyber security and IT security practitioners. They assume basic knowledge of cloud computing and enterprise security architectures.

Download the guidelines:

Victorian Government Cloud Security Guidelines (CISO-Guidance-01)
PDF 512.39 KB
(opens in a new window)
Victorian Government Office 365 Security Guidance
PDF 990.91 KB
(opens in a new window)

These guidelines were developed by the Department of Premier and Cabinet Cyber Security Unit for use by Victorian Government organisations.

Updated