Government resources and international frameworks

The Australian Government has developed a variety of resources to help businesses manage their cyber risks and enhance their cyber resilience.

Businesses can also access internationally recognised frameworks to better manage and reduce cyber security risks and improve their cyber resilience.

Government resources

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has published a range of resources for large organisations and small-to-medium businesses. The ACSC’s guidance is informed by its experience in responding to cyber security incidents.

• Strategies to mitigate cybersecurity incidents: a foundational cyber security framework recommended for all organisations, including SMEs.
• Information Security Manual (ISM): a cyber security framework designed for chief information security officers, chief information officers, cyber security professionals, and information technology managers. The ISM framework can be integrated into a business' risk management framework for protecting their systems, applications, and data from cyber threats.
• Essential Eight: a security baseline and assessment process guide, which makes it much harder for adversaries to compromise systems.
• Incident response planning and management: resources to help businesses prepare for, respond to and manage cyber security incidents:
  • planning for cyber security incidents
  • managing cyber security incidents
  • cyber security incident response.

The ACSC’s guidance for incident response planning and management includes a Cyber Incident Response Plan (CIRP) template and a readiness checklist—to help businesses develop and strengthen their incident response capabilities. It’s important to tailor your CIRP and checklist to reflect your business’s unique operating environment, priorities, resources, and obligations. For more information and practical tools, visit: Cyber security incident response planning: Practitioner guidance.

Government resources for small businesses

To help small businesses, the ACSC has developed a range of resources including a cyber health check tool and security guide.

Small businesses can seek free, tailored support to build their cyber resilience and recover from a cyber incident through the Australian Government Small Business Cyber Resilience Service. The service is delivered by IDCARE.

Small businesses can also access a free online cyber security course via the Cyber Wardens program.

• Cyber health check tool
• ACSC small business hub
• Small business cyber security guide
• Educational pack for small businesses

International cyber security frameworks and standards

There are several international cyber security frameworks and standards that can help businesses manage cyber security risks and improve resilience. Some examples include:

• NIST Cyber Security Framework
• ISO/IEC 27001:2022
• CIS Critical Security Controls
• COBIT
• HITRUST
• Cloud Security Alliance - CSA Cloud Controls Matrix

Government campaigns

Act Now, Stay Secure

The Government’s ‘Act Now, Stay Secure’ initiative includes simple cyber safe actions that everyone can take every day to protect themselves online. It includes actionable tips and resources to help businesses strengthen their cyber resilience.

Cyber awareness month

Cyber Security Awareness Month in Australia is held annually in October. This month is dedicated to raising awareness about the importance of cyber security and promoting best practices to protect individuals and businesses from cyber threats.

For more information go to: Cyber Security Awareness Month 2025.