Fines and penalties for non-compliance.

Australia’s information security industry wants to see the Government introduce a mandatory baseline for basic IT security and associated penalties for non-compliance as part of the country’s revised national cyber security strategy.

Infosec industry representative body AISA recently followed the Communications Alliance in releasing the second public submission to the Government’s review of the ageing national cyber security strategy.

AISA said the setting of a mandatory security baseline, and support for small-to-medium enterprises in implementing basic security, were two of the most important missing pieces of cyber security in Australia.

It said its 3000 members named poor information sharing, lack of investment in security and failure at the executive level to appreciate security risks as the top challenges for Australian organisations in information security.

AISA members listed a need for greater understanding at board level of cybersecurity risks “coupled with some sort of regulatory push by way of a mandated security baseline or greater penalties for data security failures to encourage the adoption of improved security controls”.

“There is also wide support for increased enforcement and penalties for non-compliance with agreed baselines where private information is concerned or where such enforcement would be regarded as for the public good,” AISA wrote in its submission.

“AISA members support government funding of some sort [of] verification or low-level audit activity for essential systems or for service providers hosting personal information and in other cases where assurance is required.”

Read the full article at itnews