ASD's Blueprint for Secure Cloud

Cyber Security Roles

This page provides a template and guidance to assist organisations in documenting the cyber security roles associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Estimated reading time: 3 minutes

ASD’s ISM outlines the following key roles as required in relation to the operation of <SYSTEM-NAME>.

Chief Information Security Officer (CISO)

Applicability

ISM controls relating to the CISO role are applicable to <SYSTEM-NAME> as they require oversight of cyber security risks and controls within <ORGANISATION-NAME> and as such are applicable to this SSP.

<INSERT ADDITIONAL INFORMATION AS APPROPRIATE>

Organisational Policies and Processes Implemented

The CISO is responsible for information security within <ORGANISATION-NAME>. They are responsible for the definition, authorisation, review, and monitoring of information security policies within the organisation in accordance with the duties outlined in the SSP Annex.

Contact NameContact PhoneContact Email
<CISO-NAME><+61# ## ### ###><CISO-EMAIL@ORGANISATION.GOV.AU>

<INSERT ADDITIONAL INFORMATION AS APPROPRIATE>

Technical Controls Implemented

No technical controls are implemented in <SYSTEM-NAME> relating to the CISO’s roles and responsibilities.

<INSERT ADDITIONAL INFORMATION AS APPROPRIATE>

System Owner

Applicability

ISM controls relating to the System Owner role are applicable to <SYSTEM-NAME> as they require system-specific governance in <ORGANISATION-NAME> and as such are applicable to this SSP.

<INSERT ADDITIONAL INFORMATION AS APPROPRIATE>

Organisational Policies and Processes Implemented

The System Owner monitors security risks and the effectiveness of security controls for <SYSTEM-NAME> and performs or delegates relevant duties outlined in the SSP Annex.

Contact NameContact PhoneContact Email
<SYSTEM-OWNER-NAME><+61# ## ### ###><SYSTEM-OWNER-EMAIL@ORGANISATION.GOV.AU>

<INSERT ADDITIONAL INFORMATION AS APPROPRIATE>

Technical Controls Implemented

No technical controls are implemented in <SYSTEM-NAME> relating to the System Owner’s roles and responsibilities.

<INSERT ADDITIONAL INFORMATION AS APPROPRIATE>

Other Roles

ASD’s ISM outlines other roles and responsibilities that may be relevant to the operation of <SYSTEM-NAME>.

Applicability

ISM controls relating to the appropriate management of <SYSTEM-NAME> within <ORGANISATION-NAME> may be relevant to this SSP, but are not specifically required by the ISM.

Organisational Policies and Processes Implemented

Information Technology Security Advisor (ITSA)

The ITSA is responsible for managing IT Security across <ORGANISATION-NAME>.

Contact NameContact PhoneContact Email
<ITSA-NAME><+61# ## ### ###><ITSA-EMAIL@ORGANISATION.GOV.AU>
System Manager

The System Manager is responsible for managing the day-to-day operations of <SYSTEM-NAME> as delegated by the System Owner.

Contact NameContact PhoneContact Email
<SYSTEM-MANAGER-NAME><+61# ## ### ###><SYSTEM-MANAGER-EMAIL@ORGANISATION.GOV.AU>
Data Owner

Data Owners are responsible for ensuring relevant data complies with policies and regulatory requirements, and is assigned an appropriate classification as defined within the PSPF.

Contact NameContact PhoneContact Email
<DATA-OWNER-1-NAME><+61# ## ### ###><DATA-OWNER-1-EMAIL@ORGANISATION.GOV.AU>
<DATA-OWNER-2-NAME><+61# ## ### ###><DATA-OWNER-2-EMAIL@ORGANISATION.GOV.AU>

<INSERT ADDITIONAL INFORMATION AS APPROPRIATE>

Technical Controls Implemented

No technical controls are implemented in <SYSTEM-NAME> relating to these roles and responsibilities.

<INSERT ADDITIONAL INFORMATION AS APPROPRIATE>

Security & Governance

  • None identified

Design

  • None identified

External Documentation

Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at blueprint@asd.gov.au

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra