Course Content
Understanding the Defence Industry Security Program (DISP)
This topic explains the Defence Industry Security Program (DISP): what DISP does for industry and which entities may apply for DISP membership.
Conduct An Initial Review of a Cyber Security Questionnaire (CSQ)
During this topic you will be taught about the Cyber Security Questionnaire, and how to conduct an initial review of a submitted questionnaire.
Conduct A Quality Assurance (QA) Check of an Initial Assessment (IA)
During this topic you'll be taught how to carry out a Quality Assurance (QA) Check of an Initial Assessment (IA).
Entry Level Assessors Course

Overview

The objective of the Initial Assessment is to use the Cyber Security Questionnaire (CSQ) to gather sufficient information to make an assessment under the ACSC Top 4 (Obsolete) as to the level of the company’s cyber security hygiene.

A further breakdown of the ACSC Top 4 (Obsolete) – Application Control, Patch Applications, Patch Operating Systems, and Admin Privileges will be provided in further lessons.

Understanding the Cyber Security Assessment Template 

Technical Findings

It is important when conducting an Initial Assessment that the technical findings are consistent with our messaging and with the comments relating to recommendations in Part 2 – Findings and Recommendations.

Avoid:

  • Making long written observations
  • Echoing entity comments from their CSQ.

Cyber Security Hygiene Rating

Our rating scale is based on the responses within the questionnaire. Using those responses, we assess the overall level of cyber security maturity with the following ratings.

Recommendations 

As general advice, we recommend that you review your compliance with the four controls listed in the table above. Guidance can be found at: https://cyber.gov.au/publications/.  

  • Essential Eight Maturity Model 
  • Essential Eight to ISM Mapping 
  • Implementing Application Control 
  • Secure Administration 
  • Hardening Microsoft Windows 10 Workstations 
  • Patching Guidelines 

Bring Your Own Devices (BYOD) 

The use of BYOD does not remove the requirement for application control or for patching of applications and operating systems on workstations. All components of your organisation's information systems or services that are used to correspond with Defence are considered within the scope of this assessment. This includes all endpoints such as desktops, laptops, mobile devices, and virtual machines.
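As an added illustration of the scope and control checks described in this lesson (this is example code written for this page, not course material or an assessment tool used by the program), the script below reviews a constructed endpoint inventory against the four ACSC Top 4 (Obsolete) controls and keeps BYOD devices in scope whenever they correspond with Defence. The 30-day patch window, the rating labels, the field names and the sample inventory are all assumptions made for the example; the course's own rating scale is not reproduced here.

```python
"""Added example, not part of the course material: an initial-review helper
that checks a constructed endpoint inventory against the four ACSC Top 4
(Obsolete) controls named in the lesson. The patch window, rating labels,
field names and sample data are assumptions for illustration only."""
from dataclasses import dataclass
from datetime import date

# Assumed review window: a patch older than this is recorded as a gap.
PATCH_WINDOW_DAYS = 30
# Assumed rating labels keyed by how many of the four controls are fully met.
RATING_BY_CONTROLS_MET = {4: "Good", 3: "Moderate", 2: "Poor", 1: "Poor", 0: "Very poor"}
# Constructed review date used for the sample inventory below.
REVIEW_DATE = date(2024, 6, 1)


@dataclass
class Endpoint:
    name: str
    kind: str                     # desktop, laptop, mobile, vm
    byod: bool
    corresponds_with_defence: bool
    app_control: bool             # application control enforced
    os_patched: date              # last operating system patch
    apps_patched: date            # last application patch
    local_admin: bool             # everyday user holds admin privileges


def in_scope(ep: Endpoint) -> bool:
    """BYOD does not take an endpoint out of scope; only devices that never
    correspond with Defence are excluded from the assessment."""
    return ep.corresponds_with_defence


def control_results(endpoints, as_of: date) -> dict:
    """Return, for each Top 4 control, the in-scope endpoints that fail it."""
    scoped = [e for e in endpoints if in_scope(e)]

    def stale(patched: date) -> bool:
        return (as_of - patched).days > PATCH_WINDOW_DAYS

    return {
        "Application Control": [e.name for e in scoped if not e.app_control],
        "Patch Applications": [e.name for e in scoped if stale(e.apps_patched)],
        "Patch Operating Systems": [e.name for e in scoped if stale(e.os_patched)],
        "Admin Privileges": [e.name for e in scoped if e.local_admin],
    }


def hygiene_rating(results: dict) -> str:
    """Map the number of controls with no gaps to an assumed rating label."""
    met = sum(1 for gaps in results.values() if not gaps)
    return RATING_BY_CONTROLS_MET[met]


def findings(results: dict) -> list:
    """One concise line per control naming affected endpoints, rather than a
    long observation or an echo of the entity's own CSQ commentary."""
    lines = []
    for control, gaps in results.items():
        if gaps:
            lines.append(f"{control}: not implemented on {', '.join(sorted(gaps))}")
        else:
            lines.append(f"{control}: implemented on all in-scope endpoints")
    return lines


# Constructed inventory: one corporate desktop, a BYOD laptop used for Defence
# correspondence, a BYOD phone that is not, and a virtual machine.
SAMPLE_INVENTORY = [
    Endpoint("WS-01", "desktop", False, True, True, date(2024, 5, 20), date(2024, 5, 20), False),
    Endpoint("LT-02", "laptop", True, True, False, date(2024, 5, 25), date(2024, 3, 1), True),
    Endpoint("PH-03", "mobile", True, False, False, date(2024, 1, 1), date(2024, 1, 1), True),
    Endpoint("VM-04", "vm", False, True, True, date(2024, 5, 15), date(2024, 5, 28), False),
]


def review(inventory=SAMPLE_INVENTORY, as_of=REVIEW_DATE) -> tuple:
    """Run the initial review and return (per-control gaps, rating, findings)."""
    results = control_results(inventory, as_of)
    return results, hygiene_rating(results), findings(results)


if __name__ == "__main__":
    gaps, rating, lines = review()
    print(f"Cyber security hygiene rating (assumed scale): {rating}")
    for line in lines:
        print(" -", line)
```

Running the script with the sample data reports that the BYOD laptop LT-02 fails three controls while the BYOD phone PH-03, which does not correspond with Defence, is left out of every finding; the same inventory structure can be populated from real CSQ responses once a reviewer has confirmed them.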
