The Australian federal government is now mandating that non-corporate Commonwealth entities appoint a CISO to be responsible for cyber security leadership in the entity. The government recently approved amendments to the Protective Security Policy Framework (PSPF), which now requires agencies to have a dedicated CISO as well as a CSO. The CISO role is expected to complement that of the existing CSO, and in some cases the same officer may be appointed to both roles. According to the policy framework, the CISO must be appointed and empowered to provide leadership and make decisions about cyber security across the entity. The core requirement states that the CISO is responsible for cyber security and is empowered to make decisions about the entity’s cyber strategy and associated implementation program. This change is part of the Australian Cyber Security Strategy to make Australia the most cyber secure nation in the world by 2030.

This segment was created for the It’s 5:05 podcast.