Cyber security standards and guidelines

Boost your cyber security using these standards, guidelines and tips.

On this page

• Information Technology Asset Management Guidance
• Victorian Protective Data Security Framework and Standards
• Australian Government Information Security Manual
• The ‘Essential Eight’
• Cloud security guidelines

Information Technology Asset Management Guidance

Managing Victorian Government IT infrastructure and applications effectively is critical to reducing cyber security risk. To improve the way, we manage Victorian Government IT assets, best practice guidance has been developed.

Good IT asset management contributes to better cybersecurity in an organisation to help manage the threat of:

• data theft from lost IT assets

• ransomware attacks

• unmaintained assets become unavailable due to lack of maintenance

• exposure to outdated legacy systems which may have vulnerabilities

Access the Information Technology Asset Management Guidance.

Victorian Protective Data Security Framework and Standards

The Victorian Protective Data Security Framework and Standards (VPDSF) is the overall scheme for managing protective data security risks in Victoria’s public sector.

The VPDSF consists of the:

• Victorian Protective Data Security Framework
• Victorian Protective Data Security Standards
• Assurance Model
• Supplementary security guides and supporting resources

You can contact the Office of the Victorian Information Commissioner for advice on the applicability of the VPDSF to your Victorian Government organisation.

Australian Government Information Security Manual

This Information Security Manual (ISM) helps organisations to protect their information and systems from cyber threats.

These guidelines are intended for:

• chief information security officers (CISOs)
• chief information officers (CIOs)
• cyber security professionals
• information technology managers

Access the Australian Government Information Security Manual (produced by the Australian Cyber Security Centre.)

The ‘Essential Eight’

The Australian Cyber Security Centre has compiled a list of mitigation strategies, known as The Essential Eight that organisations can use as starting points to improve their cyber resilience. These should be implemented as a baseline where possible.

Implementing these 8 strategies proactively can be more cost-effective in terms of time, money and effort than responding to a successful large-scale cyber security incident.

The Essential Eight are:

1. Application whitelisting - Whitelist approved and trusted programs to prevent the execution of unapproved or malicious programs from executing.
2. Patching applications - Perform regular patching/updating of applications in your network.
3. Office macros - Configure Microsoft Office products to block the execution of un-trusted macros.
4. Harden user applications - Tightly control applications that have the ability to perform unwanted or potentially vulnerable actions.
5. Restrict administrative privileges - Restrict administrative privilege for operating systems and applications based on user duties.
6. Patch operating systems – Routinely patch and upgrade your operating systems to the latest versions.
7. Use multi-factor authentication - Set up multi-factor authentication to provide higher authentication assurance for privileged, power and remote user access.
8. Backup daily – Create regular backups of your most important data and configuration settings to help you recover quickly from a disruption. Keep backups on a device that is not connected to your network.

Cloud security guidelines

The cloud security guidelines are intended to support Victorian Government organisations in making informed, risk-based decisions about the use of cloud services.

They are targeted at general management, cyber security and IT security practitioners. They assume basic knowledge of cloud computing and enterprise security architectures.

Download the guidelines:

Victorian Government Cloud Security Guidelines (CISO-Guidance-01) PDF 512.39 KB (opens in a new window)

Victorian Government Office 365 Security Guidance PDF 990.91 KB (opens in a new window)

These guidelines were developed by the Department of Government Services Cyber Security Unit for use by Victorian Government organisations.

Updated 16 January 2025

About the VIC Government

• The Premier and ministers
• Find a Vic Gov department, agency or service
• Strategies and policies
• Inquiries and royal commissions

Grants and programs

Jobs and careers

• Apprenticeships Victoria
• Finding a job guide

Arts, culture and heritage

Business and the workplace

• Mentally Healthy Workplaces Framework
• Portable Long Service Authority
• Victoria’s racing industry
• Workforce Inspectorate Victoria
• Liquor licensing, sale and supply

Communities

• Children
• First Peoples - State Relations
• Finding records
• Gender equality & women’s leadership
• LGBTIQA+ equality
• Multicultural communities
• Seniors Online
• Veterans support and commemoration
• Volunteering in Victoria
• Youth Central

Education and training

• Victorian Early Childhood Regulatory Authority
• Early childhood education – information for professionals
• Kinder: Best Start, Best Life
• Education – information for parents
• Schools.Vic - information for schools
• Education grants, programs, awards and events
• PROTECT
• TAFE, training and universities sector
• TAFE Victoria
• Victorian Skills Authority
• Apprenticeships Victoria
• Learn Local

Environment, water and energy

• Building Victoria’s circular economy
• Recycling Victoria home

Finance and economy

• Economic Growth Statement

Health and social support

• Family violence reform
• NDIS Worker Screening Check
• NDIS and disability services and support in Victoria
• Patient Review Panel
• Transforming Trauma Victoria

Housing and property

• Housing Registrar
• Opening doors
• Know Your Council

Law and justice

• Adoption
• Births, deaths and marriages
• Honorary justices
• Machete ban
• Safeguarding Victorians against terrorism
• Stolen Generations Reparations Package
• Victims of Crime
• Victorian Racing Tribunal

Safety and emergencies

• Emergency Recovery Victoria
• Victorian Emergency Relief and Recovery Foundation
• Emergency Recovery Resource Portal
• How well do you know fire
• Fire Services Reform
• Water safety
• Marine Search and Rescue

Science and technology

• Data sharing and open data
• Data.vic - discover and access Vic Gov open data
• Developer.Vic - portal for API developers
• Go.vic URL shortener
• Vic Gov IT project dashboard
• Victoria’s free public wi-fi network
• Cyber security in the Victorian Government

Sport and recreation

Traffic and transport

• Cameras Save Lives
• Transport Fines
• Getting Around
• Transport Planning
• Transport Future
• Climate Change and transport
• Future Directions For Transport
• Transport projects
• Ports and Freight

Working in the Victorian Government

• Single Digital Presence home
• Accommodation and Library Services
• Executive employment in the Victorian public sector
• Budget, procurement and funding
• Careers in the Victorian Government
• Council and Regulator Toolkit
• Guidelines for working in government
• Join a government network
• Standards and guidelines
• VicFleet CarPool
• Victorian Government style guide