Cyber security incidents are reported to the Chief Information Security Officer, or one of their delegates, as soon as possible after they occur or are discovered.
Topic
Reporting cyber security incidents
Applicable to
all
History
Priority
must
Jun 2023
Cyber security incidents are reported to the Chief Information Security Officer, or one of their delegates, as soon as possible after they occur or are discovered.
A minor grammatical change was made to the existing control relating to the reporting of cyber security incidents within an organisation.
Mar 2023
Cyber security incidents are reported to an organisation’s Chief Information Security Officer, or one of their delegates, as soon as possible after they occur or are discovered.
The existing control relating to reporting cyber security incidents to an organisation’s Chief Information Security Officer, or one of their delegates, as soon as possible after they occur or are discovered has been mapped to Essential Eight Maturity Level Three of the Essential Eight Maturity Model reflecting that this is part of actioning signs of compromise.
2015
Agencies must direct personnel to report cyber security incidents to an ITSM as soon aspossible after the cyber security incident is discovered.
2010
Agencies must direct personnel to report cyber security incidents to an ITSM as soon as possible after thecyber security incident is discovered.
2008
Agencies must direct staff members to report ICT security incidents to the ITSA and agency security adviser (ASA) if physical or personnel aspects are involved as soon as possible after the ICT security incident is discovered, in accordance with agency procedures.