Six point cyber security check list for company directors and board members

The Corporations Act 2001 requires company directors and officers to discharge their duties with care and diligence. In its Cyber Resilience: Health Check, the Australian Securities and Investments Commission (ASIC) has clearly articulated its position on cyber security and directors’ duties, stating:

  • it considers board participation important to promoting a strong culture of cyber resilience [1]
  • a failure to meet obligations to identify and manage cyber risks may, if you are a director or officer of a company, result in you being disqualified from your role. [2]

So where do you start?

Our ‘Six Point Cyber Security Check List’ is intended to provide a high level entry point for company directors and board members to design strategies to meet their legal obligations on cyber security. [3]

Six Point Cyber Security Check List

 Each item below lists the Issue to raise, followed by the Strategy for addressing it.

 1. Issue: Has your organisation implemented the Australian Signals Directorate’s Top 4 Cyber Risk Mitigation Strategies?
    Strategy: The Australian Signals Directorate (ASD) suggests that implementing its Top four mitigation strategies to protect your ICT system can address up to 85 percent of targeted cyber intrusions.

 2. Issue: Ask your CIO the Cyber Security Operations Centre’s Questions Senior Management Need to be Asking about Cyber Security.
    Strategy: Put the following questions to your CIO:
    • What would a serious cyber incident cost our organisation?
    • Who would benefit from having access to our information?
    • What makes us secure against threats?
    • Is the behaviour of our staff enabling a strong security culture?
    • Are we ready to respond to a cyber security incident?

 3. Issue: Take the ASIC ‘Cyber Resilience Health Check’.
    Strategy: ASIC’s Cyber Resilience: Health Check contains a number of ‘Health Check Prompts’ which provide useful guidance as to the questions directors and officers can ask in assessing their organisation’s awareness of and preparedness for cyber security issues.

 4. Issue: Does your organisation collect or handle personal information? If so, is it compliant with the Privacy Act 1988 (Cth)?
    Strategy: Confirm that your organisation meets the legal requirement to take such steps as are reasonable in the circumstances to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure (Australian Privacy Principle (APP) no. 11).

 5. Issue: Does your organisation process card payments?
    Strategy: If so, confirm that it (or its card payment processing service provider) is compliant with the Payment Card Industry’s Data Security Standard (DSS): Requirements and Security Assessment Procedures.

 6. Issue: Are your organisation, your outsourced service providers and the third party products used in your organisation compliant with applicable industry standards?
    Strategy: Check against the relevant standards, for example the ISO 27000 series of IT and cyber security standards published by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC). See ISO/IEC 27018:2014; ISO/IEC 27001:2015.

Need to know more?

Read our related article Six cyber security standards you need to know about if you are a company director or board member.

_________________

1. Cyber Resilience: Health Check (ASIC Report 429), para. 102, page 29.
2. Cyber Resilience: Health Check (ASIC Report 429), paras. 146 – 148, page 38.
3. For convenience, key references in this check list are hyperlinked to relevant source documents. For more detail, see our article ‘Six Cyber Security Standards you need to know about if you are a Company Director or Board Member’.

If you would like further information, please contact us.

Author
Sean Field | Special Counsel
T +61 3 9258 3397
E sean.field@maddocks.com.au