Our work across Queensland’s public sector and local government entities gives us a wealth of insights.
Over the years, we have provided advice and recommendations to entities on cyber risk and security through our reports to parliament, better practice guidance, blogs, and events.
Podcast – Cyber risk: what do we do now?
Listen in as 2 of our senior directors and the Queensland Government's Cyber Security Unit chat about what chief executives need to consider, including risk management, controls, and what to do if you experience a cyber attack. We share some interesting findings and important recommendations from our recent report Responding to and recovering from cyber attacks.
New better practice guides
Our Cyber response and recovery governance checklist provides key questions that those charged with governance should consider with respect to their entity’s cyber security incident response and recovery.
Cyber response and recovery governance checklist
And entities can use our Role capability checklist for cyber attack response and recovery as a prompt to think about where they do or do not hold relevant capabilities across their people, processes, or through technology, note when they were last tested, and address any gaps.
Role capability checklist for cyber attack response and recovery
Related resources
Blog posts
- Managing risks associated with third-party providers
- Risk management – where do we start?
- Advice on reporting data breaches
- How you can manage the risk of your legacy systems
- Is your Information Security Management System helping you mitigate cyber risk?
- Advice on ransomware prevention and recovery
- Increasing concerns around cyber security risks
- The role of governance committees in managing cyber security risks
- Are your 'everyday' internal controls strong enough to prevent a fraud attempt?
- Have you considered physical security as part of your cyber security strategy?
- What does the Queensland Government's information security policy (IS18:2018) mean for you?
- Learnings from our recent cyber security report to parliament
- Cyber security tips
More better practice tools
- Fraud and corruption self-assessment tool
- Fraud risk assessment and planning model
- Risk management maturity model
- Learnings for ICT projects
Reports to parliament
State entities 2023 (Report 11: 2023–24)
2024 status of Auditor-General’s recommendations (Report 1: 2024–25)
Implementing machinery of government changes (Report 17: 2022–23)
Delivering successful technology projects (Report 7: 2020–21)
Effectiveness of audit committees in state government entities (Report 2: 2020–21)
Managing cyber security risks (Report 3: 2019–20)
Monitoring and managing ICT projects (Report 1: 2018–19)
Security of critical water infrastructure (Report 19: 2016–17)
