Course Content
Understanding the Defence Industry Security Programming (DISP)
This topic explains the Defence Industry Security Program (DISP). Explains what DISP does for the industry and which entities may apply for DISP membership.
0/4
What is the Defence Industry Security Program?
00:41
What does the Defence Industry Security Program do?
00:52
Entities that may apply for Defence Industry Security Program membership.
01:12
Defence Industry Security Program Knowledge Check
Our role within the Defence Industry Security Program
During this topic, you will be taught about our role within the Defence Industry Security Program, focusing on our process.
0/5
Our role within the Defence Industry Security Program
01:33
Understanding Initial Assessment (IA) Process
01:53
Understanding the Uplift Process
02:08
Understanding the Ongoing Suitability Assessment (OSA) Program
00:23
Our Role, Responsibilities and Processes Knowledge Check
Conduct An Initial Review of a Cyber Security Questionnaire (CSQ)
During this topic you will be taught about the Cyber Security Questionnaire, and how to conduct an initial review of a submitted questionnaire.
0/4
Understanding the Cyber Security Questionnaire (CSQ)
09:07
Conduct A Cyber Security Questionnaire (CSQ) Initial Review
02:51
Conduct An Initial Review Knowledge Check
Conduct An Initial Review Assignment
Conduct An Initial Assessment (IA) of a Cyber Security Questionnaire (CSQ)
During this topic you will be taught how to carry out an Initial Assessment (IA) of a Cyber Security Questionnaire (CSQ).
0/8
High-level Overview of an Initial Assessment
02:02
Application Control
01:22
Patching Application
01:28
Patching of Operating Systems
01:29
Restriction of Administrative Privileges
01:07
Initial Assessment Knowledge Check
Conduct an Initial Assessment (Client One)
Conduct an Initial Assessment (Client Two)
Conduct A Quality Assurance (QA) Check of an Initial Assessment (IA)
During this topic you'll be taught how to carry out a Quality Assurance (QA) Check of an Initial Assessment (IA).
0/6
Quality Assurance Overview
00:18
Common Faults
00:24
Key Technical Assessment Faults
00:21
QA Knowledge Check
Conduct a Quality Assessment (Client One)
Conduct a Quality Assessment (Client Two)
Conducting the Uplift Process
0/5
Uplift Program Overview
00:11
Requesting an Action Plan
01:41
Requesting Resubmission or Additional Information
01:06
Action Plan Acceptance
00:52
Uplift Letter Returned
00:46
Entry Level Assessors Course
Please login for access. Login
About Lesson

During the assessment process, an entity’s cyber security hygiene may be found to be Ad-Hoc or Developing, at this point in time the task status should be changed to Action Plan Requested once the assessment has been sent to the entity.

If you’re unsure of the status, review the entity records on Objective and ensure that the assessment was sent to the entity, requesting that they complete Part 2 – Action Plan.

Action Plan Purpose

The purpose of requesting a response to Part 2 of the assessment known as the “Action Plan” is to afford DISP applicants an opportunity to improve (“Uplift”) their cyber security hygiene.

The intent is for the uplift process to be a supportive one in which we offer general advice and guidance on how an entity may improve its cyber security hygiene.

Need to know:

DISO Cyber is not to provide software or vendor recommendations in relation to meeting our cyber security hygiene standards; Defence cannot be seen to endorse software solutions or vendors.

When an entity identifies that they’re using software or services, we can provide general guidance around their platforms.

Acceptable Example:

An entity is using Microsoft 365 business premium, however, they have not implemented Microsoft Endpoint Manager for the patching of applications or operating systems. It is acceptable to advise them that the platform they’re using supports this functionality and to point them toward it publicly.

Required Action

It is the responsibility of the applicant entity to complete and return Part 2 of their Cyber Assessment to DISO.Cyber@defence.gov.au. The entity may, at any time, request general advice or a teleconference to discuss their circumstances.

Join the conversation
Previous
Next