Domain categorisation of draft 2019 security principles released by ACSC - ASD Making Cyber Security digestible for C-Level www.davidpiercepm.com

1. David Pierce PM
Leadership that Delivers Results
Australian Signals Directorate
Australian Cyber Security Principles
(2019 Initial Draft)
Categorised by David Pierce PM
Risk and Cyber Security Practionier
www.davidpiercepm.com
© David Pierce PM adapted from : ASD> https://acsc.gov.au/publications/Australian_Cyber_Security_Principles_Initial_Draft.pdf

2. ACSC 18 Principles – Protecting ISM
David Pierce PM
www.davidpiercepm.com
Adapted form ASD> https://acsc.gov.au/publications/Australian_Cyber_Security_Principles_Initial_Draft.pdf
Principles - Domain Categorised 1 of 5
Leadership
1. Cyber security leadership within organisations is provided by a Chief
Information Security Officer (CISO).
Access
2. Only trusted suppliers are used to deliver and support information and
communications technology services.
3. Only trusted, and vendor-supported, applications are allowed to execute
on systems.

3. ACSC 18 Principles – Protecting ISM
David Pierce PM
www.davidpiercepm.com
Adapted form ASD> https://acsc.gov.au/publications/Australian_Cyber_Security_Principles_Initial_Draft.pdf
Principles - Domain Categorised 2 of 5
Access (cont)
4. Only trusted suppliers are used to deliver and support information and
communications technology services.
5. Only trusted, and vendor-supported, applications are allowed to execute
on systems.
6. 5. Personnel are educated and trained in cyber security matters.
7. 6. Personnel are granted the minimum access to information,
applications and systems required for their duties.

4. ACSC 18 Principles – Protecting ISM
David Pierce PM
www.davidpiercepm.com
Adapted form ASD> https://acsc.gov.au/publications/Australian_Cyber_Security_Principles_Initial_Draft.pdf
Principles - Domain Categorised 3 of 5
Access (cont)
8. Unauthorised access to systems, supporting infrastructure and facilities is
restricted.
Deployment
9. Cyber security risks are identified, managed and accepted before systems
are used in production environments.
10. Applications, services and systems are designed, developed and deployed
using secure practices.

5. ACSC 18 Principles – Protecting ISM
David Pierce PM
www.davidpiercepm.com
Adapted form ASD> https://acsc.gov.au/publications/Australian_Cyber_Security_Principles_Initial_Draft.pdf
Principles - Domain Categorised 4 of 5
Deployment (cont)
11. Applications and services are configured in a secure manner to reduce
their attack surface.
Maintenance and Control
12. Cyber security risks are identified, managed and accepted before systems
are used in production environments.
13. Applications, services and systems are designed, developed and deployed
using secure practices.

6. ACSC 18 Principles – Protecting ISM
David Pierce PM
www.davidpiercepm.com
Adapted form ASD> https://acsc.gov.au/publications/Australian_Cyber_Security_Principles_Initial_Draft.pdf
Principles - Domain Categorised 5 of 5
Maintenance and Control
12. Important information is backed up in a secure and resilient manner on a
regular basis.
13. Sensitive information is encrypted at rest and in transit between different
systems.
14. Information transferred between different systems is done so in a
controlled and auditable manner.
15. Measures are implemented to detect and respond to cyber threats and
cyber security incidents.

7. Learn more about
David Pierce PM
© David Pierce PM
My Mantra: You are only as good as the last project you led
Website www.davidpiercepm.com
Blog www.davidpiercepm.com/blog
LinkedIn www.linkedin.com/in/davidpiercepm.com
Contact Me www.davidpiercepm.com/contact
Project Portfolio www.davidpiercepm.com/capabilities
Twitter @DavidPiercePM
#Tag #DPPM