The Australian Government is developing our nation’s next Cyber Security Strategy as part of its commitment to protecting Australians from cyber threats.
The new strategy will be a successor to Australia’s landmark 2016 Cyber Security Strategy, which set out the Government’s 4 year plan to advance and protect our interests online backed by a $230 million investment.
The 2020 Cyber Security Strategy will build on this investment to position Australia to meet the rapidly evolving cyber threat environment.
“The scheme should screen”. Why a Cyber Security Accreditation or Certification scheme needs to include personnel suitability assessments.
Because People matter. Trusted Insiders matter.
Insiders have access to sensitive information on a regular basis and can know how that information is protected. If they want to steal it or leak it they can usually do so with far greater ease than outsiders. Insiders can put an organisation’s data at risk with little effort.
OAIC: “Any sizeable organisation is likely to have some employees who are unhappy at work – meaning that there may be people who have access to data and who have a motive for leaking it.”
An insider with malicious intent who works for or with the organisation has already bypassed most security features without having to do anything but simply log on.
47 Security Experts weigh in the topic of insiders here.
The problem is real. Counter-productive workplace behaviours and hostile acts happen.
Why does a civilian suitability clearance inside a Cyber Security Accreditation or Certification scheme make sense?
Research has proven that a limited, one-dimensional National Police Check is futile to safeguard organisations. Best practices embed enhanced personnel vetting measures (such as background suitability interviews and assessments) into the management of employees, temporary staff and third parties (contractors, partners, and other service or product solution providers).
Having a proven trusted workforce dovetails with the requirements set forth in the Protective Security Policy Framework PSPF which recommends screening people for suitability even before offering the job.
OAIC: “Such a scheme could help to rebalance the information asymmetry and risk between individuals and providers of ICT products and services particularly as effective cyber protection is complex and evolving.”
Accenture “One of the growing risks of cyber security is insider threat … through a process of vetting businesses and individuals could become accredited as a trusted capability partner”.
OAIC: ‘A cyber security accreditation or certification scheme could assist individuals to differentiate the cyber security expertise and credentials of software services, infrastructure and internet platform providers”
Here is how it could work:
- The cyber security organisation applies for cyber security accreditation or certification scheme.
- The accreditors assess personnel security in the following way: the organisation provides evidence that all their people have been awarded either a
- (a) PSPF-compliant government security clearance (eg. Baseline, NV1, NV2, PV clearance) or
- (b) PSPF-compliant civilian suitability clearance. (This process complements, augments or in other words – lays on top of – existing recruitment processes and does not of itself replace existing checks that are done by HR.)
- The accreditor can audit the civilian vetting agency’s process, analysis and clearance results to ensure PSPF compliance and that the whole of person protocol has been followed.
Cleard Life Vetting Agency discovers hidden risk and gives the industry a standardise result and piece of mind for all.
CLVA is the only PSPF-compliant civilian suitability clearance in Australia.
We can deliver results as fast as next day – not weeks, months and years and is priced as low as $135 per assessment.
CLVA’s “Vetting As A Service” platform:
- Discourages Candidate’s with something to hide.
- Demonstrates your priorities towards security.
- Uncovers falsified or “puffed” credentials.
- Eliminates uncertainties in the hiring process.
- Demonstrates due diligence.
- Encourages Candidate’s to be honest and truthful.
- Saves money & time spent on recruiting, hiring, re-hiring and training.
- Can help protect against negligent hiring lawsuits.
- Reduces chance of injury to employees.
- Reduces employee theft.
- Reduces turnover.
- Reduces workplace violence.
- Reduces insurance premiums.
- Increases productivity and employee morale.
You don’t have to wait for an accreditation body to be stood up before creating a trusted workforce – talk to use today about how we can assist your goals.
Articles that maybe of interest: