This audit would examine the effectiveness of the management of cyber security risks within selected entities.

The scope would include:

  • reviewing the actions taken by selected entities in prioritising cyber security to support the themes stated in Australia’s Cyber Security Strategy;
  • assessing cyber security controls implemented against the entities’ cyber security frameworks; and
  • comparing the entities’ implemented cyber security frameworks and controls against the mandatory controls required under the Protective Security Policy Framework and the Australian Signals Directorate’s Essential Eight Maturity Model.