top of page

Australia's IRAP

The Australian government's Information Security Registered Assessors Program (IRAP) provides cyber security guidelines. Assessors identify security deficiencies and then evaluate compliance with corrective measures.

The program has four key principles:

1. Govern - IRAP recommends organizations hire a chief information security officer, and that cyber security be considered part of the risk management framework.

2. Protect - information should be encrypted at rest and while in transit between systems, and applications should have their attack surface limited.

3. Detect - Both breaches and 'anomalous activities' should be recorded and analyzed quickly.

4. Respond - Incidents should be reported both internally and to security regulatory agencies.

bottom of page