What is the Benchmark?
The Benchmark is an annual self-assessment of baseline cyber security controls across the Victorian Government. It uses the Australian Cyber Security Centre’s Essential Eight Maturity Model.
The Victorian Government Cyber Maturity Benchmark brings risk, IT and cyber professionals together to assess baseline cyber controls and plan improvements that will protect government services and data.
The Victorian Government Chief Information Security Officer recommends organisations implement the Essential Eight mitigation strategies as a baseline to prevent cyber incidents, mitigate the damage they cause, and recover from more efficiently and effectively.
The Benchmark self-assessment can help you:
- review and understand the maturity of your organisation’s baseline cyber controls
- produce reports that can be used to make decisions about investment in cyber security improvements
- support Victorian Protective Data Security Standard (VPDSS) attestation for Standard 11: ICT Security by providing information about technical controls
- compare your organisation’s cyber maturity against a whole-of-government benchmark or selected sectors.
The benchmark also helps the Victorian Government Cyber Security Unit and VMIA understand cyber maturity across the Victorian public sector and make informed decisions about how to improve the State’s cyber security and recovery.
Accessing the Benchmark self-assessment
We’re releasing the Benchmark self-assessment to Victorian Government departments and agencies in phases from September 2020 to May 2021. This phased approach means we’ll be able to effectively support departments and agencies to complete the Benchmark.
Planned access dates for the Victorian Government Cyber Maturity Benchmark
Phase 1 (Pilot) September 2020
Department of Education, TAFEs, teaching and curriculum agencies
Phase 2 – November 2020
Department of Transport, transport and vehicles, police and emergency services
Phase 3 – February 2021
Department of Justice and Community Safety, Department of Premier and Cabinet, justice and regulation agencies
Phase 4 – March 2021
Department of Environment, Land, Water and Planning and water and environment agencies
Phase 5 – May 2021
Department of Jobs, Precincts and Regions, Department of Treasury and Finance and arts, culture and tourism, finance, insurance and IT, property and planning and economic development, agriculture and food, sports and events agencies and cemetery trusts
Log in to the Benchmark self-assessment
You’ll be transferred to our self-assessment hub which hosts:
- Victorian Government Cyber Maturity Benchmark
- RMA Online (Risk Maturity Self-assessment)
If you can’t see the Cyber Maturity Benchmark when you log in, it means you don’t have access yet.
Interested in accessing the Benchmark self-assessment early? Contact us at firstname.lastname@example.org or phone 03 9270 6900.
We recommend completing the self-assessment within three months of getting access to the Benchmark tool.
- Cyber Maturity Benchmark Information Sheet [PDF, 217KB]
- Cyber Maturity Benchmark User Instructions [PDF, 575KB]
- Improving Cyber Maturity with the Essential Eight [PDF, 535KB]
- Cyber Resilience Foundations webinar - demystify cyber in an enterprise risk context and build your ability to assess and manage this risk
- Cyber Maturity Benchmark FAQ [PDF, 287KB]
- Australian Cyber Security Centre information
- Cyber Maturity Benchmark Information Security [PDF, 286KB]
More information or assistance to use the Benchmark
Contact us at email@example.com or phone 03 9270 6900.
How will the Benchmark data be used?
The Cyber Maturity Benchmark data will help you review and plan improvements to your cyber security controls.
The Department of Premier and Cabinet’s Victorian Government Cyber Security Unit will use Benchmark data to:
- understand and report on cyber security maturity across the Victorian public sector
- make informed decisions about where to invest in improving cyber security across the Victorian Government
- develop targeted capability and peer sharing programs to assist agencies to improve cyber security in priority areas.
VMIA will use the data from the Benchmark to:
- help clients to make informed decisions about cyber risk management
- report (de-identified) benchmarking results to participating entities
- develop programs, products and services to meet the needs of clients
- develop insights to inform risk-based policy and continuous improvement in the Victorian Government
- monitor the effectiveness of the Victorian Government Cyber Maturity Benchmark service and other VMIA products and services
- obtain cyber insurance for its clients in the reinsurance market at a competitive price
- fulfil VMIA’s obligations under section 23 of the Victorian Managed Insurance Authority Act 1996.
Data generated through the Benchmark self-assessment will be securely stored. VMIA is bound by Victorian legislation and information management frameworks.
- VMIA and the Victorian Government Cyber Security Unit will not share your identifiable data with third parties without your permission.
- VMIA will not use the Benchmark data to calculate individual insurance premiums.