QTY	Product	Price	Edit
	{{ item.title }} {{ item.secondaryItem.title }} Availability - Places available Availability - In stock This product is already registered. View all enrolled courses/webinars	{{ (item.price * item.quantity) \| currency }} FREE {{ (item.secondaryItem.price * item.secondaryItem.quantity) \| currency }} FREE

QTY

Product

Price

Edit

Availability - Places available

Availability - In stock

This product is already registered.

View all enrolled courses/webinars

FREE

{{ (item.secondaryItem.price * item.secondaryItem.quantity) | currency }}

FREE

Subtotal	{{ subTotal \| currency }} $0.00
Total inc. GST	AUD {{ total \| currency }} $0.00
Package Discount Package Discount If you enrol in all three Foundations of Directorship courses, you will receive a package discount. Already applied	-{{ packageDiscount \| currency }}
Member Discount	-{{ discount \| currency }}

Subtotal

{{ subTotal | currency }} $0.00

Total inc. GST

AUD {{ total | currency }} $0.00

-{{ packageDiscount | currency }}

Member Discount

-{{ discount | currency }}

AICD submission on cyber security legislative reforms

Thursday, 07 March 2024

Cyber security Governance

On 6 March 2024 the AICD provided a submission to the Department of Home Affairs on proposed cyber security focused legislative reforms.

Our submission provided support, or in-principle support, for almost all of the key reforms that were the subject to consultation. AICD members recognise that targeted and low-cost regulatory obligations are appropriate in certain areas, such as ransomware threat intelligence. However, this should be balanced by measures that promote trust between industry and Government, notably through comprehensive protections on how information provided to Government during a critical cyber security incident is used and shared.

Our key points on the central proposed reforms were:

in-principle support for a ransomware reporting regime applying to large businesses that avoids duplication with existing reporting and notification obligations, only collects necessary operational information and is based on genuine ‘no fault, no liability’ principles;
support for a legislated obligation on the Australian Signals Directorate and the National Cyber Security Coordinator in respect information provided by an organisation during the response and recovery phases of a significant cyber security incident. We recommended this obligation is expanded beyond ‘use’ to the ‘use, sharing and awareness’ of information and separately the cyber security purposes are tightened to provide sufficient comfort to organisations in the rigour of the obligation;
in-principle support for the establishment of a Cyber Incident Review Board in a low cost and agile manner that avoids additional regulatory burden and costs on organisations impacted by a critical cyber incident;
in-principle support for the proposed approach to clarifying the application of ‘business critical data’ and data storage systems falling within the scope of the Security of Critical Infrastructure Act 2018 (SOCI Act); and
did not support the proposed Ministerial ‘consequence management’ directions powers under the SOCI Act. There is not a strong policy case for the new powers, including that the existing Ministerial directions powers in the SOCI Act are deficient. In addition, the powers would be inconsistent with the intent of the SOCI Act, unfettered and cover the highly subjective and unclear concept of ‘consequence management’.

DOWNLOAD SUBMISSION

Cyber security Governance

Latest news

This is of of your complimentary pieces of content

Access this content

This is exclusive content.

You have reached your limit for guest contents. The content you are trying to access is exclusive for AICD members. Please become a member for unlimited access.

Access this content