Vic Govt security standards to launch next month

The data security boss for the Australian state of Victoria David Watts says more than 2,500 state government agencies will be required to comply with security benchmarks to be released next month.

Watts says the Victorian Government Protective Data Security Framework (VPDSF) he and his team developed is slated for release on 1 July and will be requirements of government contracts.

Speaking at the AusCERT conference on the Gold Coast today, Watts said he expects agencies to comply with the standards as of 2017, despite the lack of penalties for non-compliance.

“The VPDSF will apply to more than 2,500 bodies and agencies and will require them to take a holistic data security approach,” Watts says.

“It will be focusing on observed weaknesses and likely threat vectors.

“There is an incredible reliance [in Victorian agencies] on outsourcing and third parties without an understanding of the risks.”

Watts says the compliance will take place as a staged roll out due to a lack of security boffins in the state, and will emphasise a soft non-confrontational approach.

That riled some industry types who said during the presentation that agencies would not comply without threat of repercussions such as fines and job losses.

The VPDSF is built on a security-by-design approach with a focus on human-related threats such as insider thieves and include a subset of tools agencies should deploy.

Bureaucrats can check out the standards on the Vic commissioner's website. ®