Total 650 words used.
[REDACTED FOR PUBLICATION] As reported by one of the global cyber security researchers, in 2020 Australia was the most-attacked ransomware target in the Asia-Pacific region.
To mitigate the risk of cybercrime, the Council's Cyber Security team embarked on a Cyber Security Uplift project with the vision to ensure the City supports ‘Resilient Sydney’ objectives and to realise the following benefits:
- Reduce security risks and exposure
- Improve security posture
- Implement 24/7 monitoring, detection and incident response
- Advance staff awareness
Taking action to proactively manage cyber security challenges, the Council implemented the following new and innovative measures [REDACTED FOR PUBLICATION] that have provided a significant increase in the Council’s resilience to cyber threats.
[REDACTED FOR PUBLICATION]
Initiative 1 - Cyber Security Management Framework (CSMF)
The City engaged an independent security consulting firm to review existing security controls and identify any potential gaps. As a result, we developed the City's [REDACTED FOR PUBLICATION] Cyber Security Management Framework [REDACTED FOR PUBLICATION] to drive continuous cyber security improvements in technology management, operational security and personnel awareness.
[REDACTED FOR PUBLICATION]
[REDACTED FOR PUBLICATION]
Initiative 2 - Managed Security Service Provider (MSSP)
In December 2020, the Council partnered with a security provider to deliver a range of services and provide the security capabilities necessary to support the Council throughout its journey of digital transformation and beyond.
For the first time ever, this initiative provided the Council with access to services for:
- global threat analysis,
- centralised network event monitoring,
- pro-active scanning for security vulnerabilities,
- enhanced malicious activity detection on user devices,
- orchestration of incident response and threat remediation
The implementation commenced in Feb 2021 which was followed by the process of operational adoption via tuning and customisation.
[REDACTED FOR PUBLICATION]
[REDACTED FOR PUBLICATION]
Initiative 3 - Email Phishing Awareness Program
The City has rolled out our phishing awareness training program, reinforced with monthly phishing simulation tests. This has allowed us to create a safe, educational environment for staff to practice identify and report suspected phishing attempts.
[REDACTED FOR PUBLICATION]
[REDACTED FOR PUBLICATION] Reporting of False Positives (i.e. legitimate emails incorrectly reported as Phishing) has reduced dramatically [REDACTED FOR PUBLICATION] .
[REDACTED FOR PUBLICATION]
[REDACTED FOR PUBLICATION]
The Future Roadmap - The Cyber Security Team continues to undertake assessments of its security posture and alignment to industry standards and best practice. WE are committed to meet with our MSSP regularly to re-evaluate controls in order to ensure cyber security protection across council services.
Nomination Title: Cyber Security Uplift at the City of Sydney