Six point cyber security check list for company directors and board members

The Corporations Act 2001 requires company directors and officers to discharge their duties with care and diligence. In its Cyber Resilience: Health Check, the Australian Securities and Investments Commission (ASIC) has clearly articulated its position on cyber security and directors’ duties, stating:

  • it considers board participation important to promoting a strong culture of cyber resilience [1]
  • a failure to meet obligations to identify and manage cyber risks may, if you are a director or officer of a company, result in you being disqualified from your role. [2]

So where do you start?

Our ‘Six Point Cyber Security Check List’ is intended to provide a high level entry point for company directors and board members to design strategies to meet their legal obligations on cyber security. [3]

Six Point Cyber Security Check List

 1. Issue: Has your organisation implemented the Australian Signals Directorate’s Top 4 Cyber Risk Mitigation Strategies?
    Strategy: The Australian Signals Directorate (ASD) suggests that implementing its Top four mitigation strategies to protect your ICT system can address up to 85 percent of targeted cyber intrusions.

 2. Issue: Ask your CIO the Cyber Security Operations Centre’s ‘Questions Senior Management Need to be Asking about Cyber Security’.
    Strategy: Put the following questions to your CIO:
      • What would a serious cyber incident cost our organisation?
      • Who would benefit from having access to our information?
      • What makes us secure against threats?
      • Is the behaviour of our staff enabling a strong security culture?
      • Are we ready to respond to a cyber security incident?

 3. Issue: Take the ASIC ‘Cyber Resilience Health Check’.
    Strategy: ASIC’s Cyber Resilience: Health Check contains a number of ‘Health Check Prompts’ which provide useful guidance as to the questions directors and officers can ask in assessing their organisation’s awareness of, and preparedness for, cyber security issues.

 4. Issue: Does your organisation collect or handle personal information? If so, is it compliant with the Privacy Act 1988 (Cth)?
    Strategy: Confirm that your organisation meets the legal requirement to take such steps as are reasonable in the circumstances to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure (Australian Privacy Principle (APP) 11).

 5. Issue: Does your organisation process card payments?
    Strategy: If so, confirm that it (or its card payment processing service provider) is compliant with the Payment Card Industry Data Security Standard (PCI DSS): Requirements and Security Assessment Procedures.

 6. Issue: Are your organisation, your outsourced service providers and the third party products used in your organisation compliant with applicable industry standards?
    Strategy: For example, the ISO 27000 series of IT and cyber security standards published by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC). See ISO/IEC 27018:2014; ISO/IEC 27001:2015.

Need to know more?

Read our related article ‘Six cyber security standards you need to know about if you are a company director or board member’.

_________________

1. Cyber Resilience: Health Check (ASIC Report 429), para. 102, page 29.
2. Cyber Resilience: Health Check (ASIC Report 429), paras. 146 – 148, page 38.
3. For convenience, key references in this check list are hyperlinked to relevant source documents. For more detail, see our article ‘Six Cyber Security Standards you need to know about if you are a Company Director or Board Member’.

If you would like further information, please contact us.

Author
Sean Field | Special Counsel
T +61 3 9258 3397
E sean.field@maddocks.com.au
