The Australian government's Information Security Registered Assessors Program (IRAP) provides cyber security guidelines. Assessors identify security deficiencies and then evaluate compliance with corrective measures.
The program has four key principles:
1. Govern - IRAP recommends that organizations hire a chief information security officer and that cyber security be considered part of the risk management framework.
2. Protect - Information should be encrypted at rest and while in transit between systems, and applications should have their attack surface limited.
3. Detect - Both breaches and 'anomalous activities' should be recorded and analyzed quickly.
4. Respond - Incidents should be reported both internally and to security regulatory agencies.