Canberra proposes IoT ‘star’ ratings and mandatory cyber standards for big business

The federal government wants to strengthen Australia’s cybersecurity regulations and has suggested seven areas for policy reform, including the introduction of mandatory governance standards for larger businesses, a code for how personal information is handled, and a system for regulating smart devices.

In a bid to “further protect the economy from cybersecurity threats”, the government is proposing [PDF] either a voluntary or mandatory set of governance standards for larger businesses that would “describe the responsibilities and provide support to boards”.

While the crux of both options is similar, the mandatory code would require the entities covered to achieve compliance within a specific timeframe. A mandatory code would also see enforcement applied. A voluntary option would not require specific technical controls to be implemented and would rather be…

Read more…