History
- Priority
- should
- Nov 2018
- Removed
- Removed due to a merge of relevant content into security control 0043.
- 2017
- Agencies should include the following content in their IRP:• clear definitions of the types of cyber security incidents that are likely to be encountered• the expected response to each cyber security incident type• the authority responsible for responding to cyber security incidents• the criteria by which the responsible authority would initiate or request a formalinvestigation of a cyber security incident by a law enforcement agency, the Australian CyberSecurity Centre or other relevant authority• other authorities which need to be informed in the event of an investigation being undertaken• the details of the system contingency measures or a reference to these details if they arelocated in a separate document.
- Control Text Changed. No public explaination.
- 2015
- Agencies should include the following content in their IRP:• clear definitions of the types of cyber security incidents that are likely to be encountered• the expected response to each cyber security incident type• the authority responsible for responding to cyber security incidents• the criteria by which the responsible authority would initiate or request formal, police orAustralian Security Intelligence Organisation investigations of a cyber security incident• other authorities which need to be informed in the event of an investigation beingundertaken• the details of the system contingency measures or a reference to these details if they arelocated in a separate document.
- 2010
- Agencies should include the following content in their IRP:••••clear definitions of the types of cyber security incidents that are likely to be encounteredthe expected response to each cyber security incident typethe authority responsible for responding to cyber security incidentsthe criteria by which the responsible authority would initiate or request formal, police or ASIOinvestigations of a cyber security incident• other authorities which need to be informed in the event of an investigation being undertaken• the details of the system contingency measures or a reference to these details if they are locatedin a separate document.
- 2008
- Agencies should include within their IRP: a. clear definitions of the types of ICT security incidents that are likely to be encountered b. the expected response to each ICT security incident type c. the authority within the agency that is responsible for initiating: 1) a formal (administrative) investigation 2) a police investigation of an ICT security incident 3) an Australian Security Intelligence Organisation investigation of an ICT security incident pertaining to national security information, in accordance with part G of the PSM d. the criteria by which the responsible authority would initiate formal, police or Australian Security Intelligence Organisation investigations of an ICT security incident e. which other agencies or authorities need to be informed in the event of an investigation being undertaken f. the details of the system contingency measures or a reference to these details if they are located in a separate document.