17 commits
1 change: 1 addition & 0 deletions docs/company-policy/Business Continuity Plan.md
Original file line number Diff line number Diff line change
Expand Up @@ -201,3 +201,4 @@ _For detailed views on recovery of assets and operations after minimal operation

**For viewing the tables in the Appendix, please download the PDF file of the Business Continuity Plan that will be found in the PDF Downloads Page in Policies.**


2 changes: 1 addition & 1 deletion docs/company-policy/Disaster Recovery Policy.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -381,4 +381,4 @@ To view the original tables, styles and structure, as well as the Risk Matrix. P
type="application/pdf"
width="100%"
height="800px"
/>
/>
Original file line number Diff line number Diff line change
Expand Up @@ -64,3 +64,4 @@ Policy enforcement ensures that all DLP and Data Classification policies are fol

## Conclusion
By adhering to the DLP and Data Classification policies outlined in this document, the safety and integrity of Redback Operations’ data can be ensured. Regular audits should be conducted to review the effectiveness of these policies and adapt them to emerging technologies and potential risks.

2 changes: 1 addition & 1 deletion docs/company-policy/ISMS/User-Awareness-Training.md
Original file line number Diff line number Diff line change
Expand Up @@ -113,4 +113,4 @@ This policy will be reviewed:
- Annually.
- After any major cybersecurity incident.
- Upon changes to legislation or best practices.
The IT Security Team and Compliance Officers are responsible for reviewing and updating the policy content.
The IT Security Team and Compliance Officers are responsible for reviewing and updating the policy content.
1 change: 1 addition & 0 deletions docs/company-policy/ISMS/cloud-security.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -196,3 +196,4 @@ Controls map to NIST CSF functions—Identify (asset inventory, roles), Protect
- [Azure Security Documentation](https://learn.microsoft.com/en-us/azure/security/)
- [Google Cloud Security Best Practices](https://cloud.google.com/security/best-practices)
- [OWASP Top Ten](https://owasp.org/www-project-top-ten/)

1 change: 1 addition & 0 deletions docs/company-policy/ISMS/cryptography.md
Original file line number Diff line number Diff line change
Expand Up @@ -454,3 +454,4 @@ The encryption policy will be reviewed at least bi-annually to assess its effect
- Update training and awareness programs to reflect changes in the policy and emerging threats.

The commitment to continuous improvement through training, awareness, and regular policy reviews is essential for maintaining the security and integrity of sensitive information within Redback Operations.

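Review bot: "bi-annually" in this hunk's context line (`reviewed at least bi-annually`) is ambiguous between twice a year and every two years. State the interval explicitly, for example "every 6 months" as endpoint.md does in its Review and Maintenance section, so the review cadence of the cryptography policy can be audited.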
1 change: 1 addition & 0 deletions docs/company-policy/ISMS/cyber-security-metrics.md
Original file line number Diff line number Diff line change
Expand Up @@ -47,3 +47,4 @@ Below are the 7 metrics listed in the ISMS in more detail
- How is access to sensitive data and systems controlled and monitored, and how is privilege escalation prevented?
- Are all accounts secured with Muli-Factor Authentication (MFA)?
- Do we have a password policy addressing common malpractices, such as password recycling and weak passwords?

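Review bot: Typo in the second context line: `Muli-Factor Authentication (MFA)` should read `Multi-Factor Authentication (MFA)`. The file is already being touched, so fix it in this change rather than only adding a trailing blank line.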
1 change: 1 addition & 0 deletions docs/company-policy/ISMS/dlp-data-classification.md
Original file line number Diff line number Diff line change
Expand Up @@ -111,3 +111,4 @@ Moreover, regular audits can take place to assess how effective the policies reg
## Conclusion
To conclude, if all DLP and Data Classification policies that are listed in this document are always adhered to, the safety and integrity of data collected and stored by Redback Operations is guaranteed.
Though regular audits should take place to actively review all policies being followed, to counteract emerging technologies and potential risks that may threaten our data.

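Review bot: The Conclusion states that the safety and integrity of data "is guaranteed" when the policies are followed, which the next line about emerging technologies and potential risks contradicts. Soften the claim to something like "is better protected", and join the following line to it, since a sentence starting with "Though" is a fragment on its own.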
1 change: 1 addition & 0 deletions docs/company-policy/ISMS/easm.md
Original file line number Diff line number Diff line change
Expand Up @@ -572,3 +572,4 @@ Strict access protocols for visitors are enforced, including escorted access, vi
**Physical Device Security**
Cable locks, secure enclosures, and other physical restraints are used to prevent unauthorized removal of devices.


1 change: 1 addition & 0 deletions docs/company-policy/ISMS/endpoint.md
Original file line number Diff line number Diff line change
Expand Up @@ -156,3 +156,4 @@ Failure to comply with this policy may result in:
## Review and Maintenance

This policy will be reviewed every 6 months or upon significant changes to Redback’s operational model or security posture. Updates will be developed under version control and published on the Redback Documentation site.

1 change: 1 addition & 0 deletions docs/company-policy/ISMS/gap-analysis.md
Original file line number Diff line number Diff line change
Expand Up @@ -223,3 +223,4 @@ This gap analysis report underscores the urgent need for a comprehensive review




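Review bot: Every line in this hunk is blank, so the change adds a fourth empty line to a file that already ends in three. Trim the file to a single trailing newline instead; the same applies to the other hunks in this PR that consist only of blank lines.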
1 change: 1 addition & 0 deletions docs/company-policy/ISMS/isms.md
Original file line number Diff line number Diff line change
Expand Up @@ -262,3 +262,4 @@ This section contains links to supplementary policies affiliated with Redback Op
[User Awareness Training](https://redback-operations.github.io/redback-documentation/docs/company-policy/ISMS/User-Awareness-Training)

[Review of ISMS](https://redback-operations.github.io/redback-documentation/docs/company-policy/Policy%20Reviews/isms-review)

1 change: 1 addition & 0 deletions docs/company-policy/ISMS/monitoring-log-analytics.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -540,3 +540,4 @@ Detailed records of all review meetings, discussions, decisions made, and the re
- Audit records must be maintained for a minimum of 24 months.

[def]: #

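Review bot: `[def]: #` at the end of the file is an empty link reference definition that nothing in the visible lines uses, and it looks like leftover tooling output. Remove it rather than adding a blank line after it.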
1 change: 1 addition & 0 deletions docs/company-policy/ISMS/security-safeguards.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -93,3 +93,4 @@ These recommendations should be prioritized in the ISMS implementation plan (see
- [7] Khan, A. (2024). NIST CSF PR.AC-7: Users, Devices, and Other Assets are Authenticated. Available at: https://grc-docs.com/blogs/nist-csf-framework-categories/nist-csf-pr-ac-7-users-devices-and-other-assets-are-authenticated
- [8] Convesio. (2024). The Impact of GDPR on Biometric Data. Available at: https://convesio.com/knowledgebase/article/the-impact-of-gdpr-on-biometric-data-what-you-need-to-know/
- Redback Operations ISMS Guide, Cryptography Policy, Data Classification & DLP Policy, Endpoint Security Policy

1 change: 1 addition & 0 deletions docs/company-policy/ISMS/server-security.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -934,3 +934,4 @@ Once changes are approved, the updated policy is communicated to all stakeholder
https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-system-hardening

(Australian Signals Directorate, Guidelines for System Hardening, May 12 2024)

2 changes: 1 addition & 1 deletion docs/company-policy/Policy Reviews/isms-review.md
Original file line number Diff line number Diff line change
Expand Up @@ -280,4 +280,4 @@ Mislabelled as Section 11.1. Needs to be renamed to 10.2 to be in line with ISO

## Summary

The current policy is on the right track to being ISO/IEC 27001 certified. However, there are some sections that either don’t exist or require more detail to be compliant. The overall requirement structure was mostly adhered to, but all the later sections have the wrong numbering structure and as such made it difficult to keep track of each requirement. As mentioned throughout this review, Section 12 is supposed to have links to other policies that are referenced in the policy but there are no links present currently. This needs to be addressed. There also needs to be policies created for some of the assets mentioned in the scope (those are listed in its respective section).
The current policy is on the right track to being ISO/IEC 27001 certified. However, there are some sections that either don’t exist or require more detail to be compliant. The overall requirement structure was mostly adhered to, but all the later sections have the wrong numbering structure and as such made it difficult to keep track of each requirement. As mentioned throughout this review, Section 12 is supposed to have links to other policies that are referenced in the policy but there are no links present currently. This needs to be addressed. There also needs to be policies created for some of the assets mentioned in the scope (those are listed in its respective section).
1 change: 1 addition & 0 deletions docs/company-policy/application control policy.md
Original file line number Diff line number Diff line change
Expand Up @@ -137,3 +137,4 @@ This Application Control Policy is designed to ensure that Redback Operations ma
For additional guidelines and best practices, refer to the following resources:
["Australian Signals Directorate, Guidelines for System Hardening, May 12, 2024"](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-system-hardening)


1 change: 1 addition & 0 deletions docs/company-policy/clean desk policy.md
Original file line number Diff line number Diff line change
Expand Up @@ -127,3 +127,4 @@ This Clean Desk and Digital Workspace Policy provides a comprehensive framework
For additional guidelines and best practices, refer to the following resources:
["Australian Signals Directorate, Guidelines for System Hardening, May 12, 2024"](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-system-hardening)


1 change: 1 addition & 0 deletions docs/company-policy/data-analytics-framework.md
Original file line number Diff line number Diff line change
Expand Up @@ -291,3 +291,4 @@ The framework acts as a blueprint for consistency and efficiency in handling dat

2. **Updating Models and Systems**
Regularly update predictive models and systems.

2 changes: 1 addition & 1 deletion docs/cybersecurity/Archive/guidelines/project-1.md
Original file line number Diff line number Diff line change
Expand Up @@ -371,4 +371,4 @@ Appropriate encryption methods should be implemented through Transport Layer
Security (TLS) or Secure Socket Layer (SSL certificates). Authorisation methods and
access permissions should be implemented to ensure only authorised users or
devices can access certain data. This can be done through access control lists (ACLs)
or role-based access control (RBAC).
or role-based access control (RBAC).
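Review bot: The context lines offer "Transport Layer Security (TLS) or Secure Socket Layer (SSL certificates)" as if the two were equivalent choices. SSL is a deprecated protocol and should not be listed as an alternative; reword to require TLS and fix the misplaced parenthesis, for example "Transport Layer Security (TLS) with valid certificates".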
2 changes: 1 addition & 1 deletion docs/cybersecurity/Archive/guidelines/project-3.md
Original file line number Diff line number Diff line change
Expand Up @@ -416,4 +416,4 @@ must undertake an assessment where there has been a data loss or unauthorised
access to or disclosure of personal information.

- The company must notify the OAIC where the incident is likely to result in harm to an
individual.
individual.
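Review bot: The last bullet says the company must notify the OAIC where the incident is "likely to result in harm to an individual", but the Notifiable Data Breaches scheme sets the threshold at likely serious harm and also requires notifying the affected individuals. Correct the wording while this file is being touched.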
Original file line number Diff line number Diff line change
Expand Up @@ -53,3 +53,4 @@ After you've read through these sections, have a think about what you'd like to




Original file line number Diff line number Diff line change
Expand Up @@ -76,4 +76,4 @@ When you make any changes to this compose file, the process for restarting the c
## 3. Further Reading

- [Docker](https://docs.docker.com/)
- [Data Warehouse Docker Guide](https://redback-operations.github.io/redback-documentation/docs/data-warehousing/Instructional%20Documents/VM%20Guide/#the-vm-and-docker)
- [Data Warehouse Docker Guide](https://redback-operations.github.io/redback-documentation/docs/data-warehousing/Instructional%20Documents/VM%20Guide/#the-vm-and-docker)
Original file line number Diff line number Diff line change
Expand Up @@ -81,3 +81,4 @@ This is an example of how an alert would look like on the dashboard.




This file was deleted.

Binary file not shown.
Original file line number Diff line number Diff line change
Expand Up @@ -10,3 +10,4 @@ sidebar_position: 2
width="100%"
height="800px"
/>

Original file line number Diff line number Diff line change
Expand Up @@ -9,4 +9,4 @@ sidebar_position: 1
type="application/pdf"
width="100%"
height="800px"
/>
/>
Original file line number Diff line number Diff line change
Expand Up @@ -9,4 +9,4 @@ sidebar_position: 3
type="application/pdf"
width="100%"
height="800px"
/>
/>