- Outdated ICT policies that are not suitable for the current ICT environments
- Policies need to be written in a consistent and easy to understand way so that all staff can follow them
- Time constraints, needed to provide core policies within a short timeframe
- Lack of a Cyber Security strategy or risk assessment methodology
- Review current ICT Policies and identify requirements to revise and update them in alignment with the NSW State government guidelines
- Draft Risk Management Policy, Cyber Security Policy and other related policies while taking into consideration the state and capabilities of current systems.
- Workshop policies with stakeholders and ensure that there is a clear understanding of the responsibilities and inherent tasks that need to be carried out to meet the policy requirements.
- Finalise and present policies to council for approval.
- Propose a program of works and solution requirements that need to be added to the ICT Strategic Plan.
|What did we learn?
- The key lesson learned is to keep the policies as effective and practical as possible buy keep them simple to follow by all staff.
- Internal discussions and review of the ICT Policies should be carried out as part of the councils Security Awareness training.