Intelligence and Security Operating Model Stage 2

The South Australian Government requires a sustainable, whole-of-government operating model to facilitate telemetry data capture, analysis, and visibility.

This initiative aligns with the strategic objective of the Stronger Cyber, Future Ready Program, aimed at enhancing cyber resilience and operational oversight across agencies. The goal is to establish a mature, integrated service that delivers consistent, secure, and actionable telemetry monitoring across all government entities.

SCOPE OF WORK

1. Future State Operating Model

Objective:

To identify existing and future state processes to design and implement an operating model for whole of government logging requirements, including responsibilities for those interacting with or managing the logging service.

Key Deliverables:

• Defined Objectives:

Collaborate with the Office of the Chief Information Officer (OCIO) to deliver a sustainable, whole-of-government visibility capability. Objectives include:

• Developing a sustainable operating model, including a cost model and oversight of data capture and analysis systems.

• Mapping existing and future-state processes to support visibility and monitoring.

• Defining common security use cases applicable across agencies.

• Supporting the embedding of the operating model across government entities.

• Stakeholder Engagement:

Facilitate structured engagement with:

• Relevant government departments and agencies.

• Cyber security and IT operations teams.

• Use workshops, interviews, and collaborative sessions to gather insights and validate approaches.

• Technical and Operational Design:

Deliver detailed design and documentation for:

• Data flows, monitoring mechanisms, control frameworks, and alerting systems.

• Roles and responsibilities across government for visibility and response.

• Standardised documentation to establish baselines of best practice, including:

• Common log source documentation.

• Ingestion process documentation.

• Operational playbooks and procedures.

• Consideration and integration with previous and ongoing relevant activities:

Utilise existing resources to support development of the model, including:

• Work completed previously to identify the current state of logging activity across the majority of SA Government, including centrally in the OCIO.

• Work underway to implement a telemetry data capture and analysis system that will uplift log sharing between SA Government agencies.

• Work completed previously to develop a Cyber Operating Model that defines services, processes, and activities to manage cyber risks across government.

• Implementation Support:

Produce hands-on assistance to:

• Embed the operating model into agency workflows.

• Align technical and governance components with the South Australian Cyber Security Framework (SACSF).

• Ensure sustainability and scalability of the solution.