The Australian government's Information Security Registered Assessors Program (IRAP) provides cyber security guidelines. Assessors identify security deficiencies and then evaluate compliance with corrective measures.

The program has four key principles:

1. Govern - IRAP recommends organizations hire a chief information security officer, and that cyber security be considered part of the risk management framework.

2. Protect - information should be encrypted at rest and while in transit between systems, and applications should have their attack surface limited.

3. Detect - Both breaches and 'anomalous activities' should be recorded and analyzed quickly.

4. Respond - Incidents should be reported both internally and to security regulatory agencies.