Victorian Protective Data Security Framework and Standards
The Victorian Protective Data Security Framework and Standards (VPDSF) is the overall scheme for managing protective data security risks in Victoria’s public sector.
The VPDSF consists of the:
Australian Government Information Security Manual
These guidelines are intended for:
- chief information security officers (CISOs)
- chief information officers (CIOs)
- cyber security professionals
- information technology managers
The 'Essential Eight'
The Australian Cyber Security Centre has compiled a list of mitigation strategies, known as the Essential Eight, that organisations can use as starting points to improve their cyber resilience. These should be implemented as a baseline where possible.
Implementing these 8 strategies proactively can be more cost-effective in terms of time, money and effort than responding to a successful large-scale cyber security incident.
The Essential Eight are:
- Application whitelisting - Whitelist approved and trusted programs to prevent unapproved or malicious programs from executing.
- Patching applications - Perform regular patching/updating of applications in your network.
- Office macros - Configure Microsoft Office products to block the execution of untrusted macros.
- Harden user applications - Tightly control applications that have the ability to perform unwanted or potentially vulnerable actions.
- Restrict administrative privileges - Restrict administrative privilege for operating systems and applications based on user duties.
- Patch operating systems - Routinely patch and upgrade your operating systems to the latest versions.
- Use multi-factor authentication - Set up multi-factor authentication to provide higher authentication assurance for privileged, power and remote user access.
- Backup daily - Create regular backups of your most important data and configuration settings to help you recover quickly from a disruption. Keep backups on a device that is not connected to your network.
Cloud security guidelines
The cloud security guidelines are intended to support Victorian Government organisations in making informed, risk-based decisions about the use of cloud services.
They are targeted at general management, cyber security and IT security practitioners. They assume basic knowledge of cloud computing and enterprise security architectures.
These guidelines were developed by the Department of Premier and Cabinet Cyber Security Unit for use by Victorian Government organisations.
Reviewed 12 November 2019