Compliance & Legislation

Security Monitoring and the ASD ISM

Comparing legislative and compliance security frameworks, you will see a definite synergy in what they suggest is important to security monitoring. Interestingly, their focus isn’t on collecting every piece of information and security-related event, then trying to figure out what to do with it. What you need to do is understand the value of specific log sources in your ability to detect threats, then tune them to make sure you get the optimum flow of information from them.

Read More

APRA CPS 234 Compliance – A Modern Approach

On the 1st July 2019, the Australian Prudential Regulatory Authority (APRA) Prudential Standard CPS 234 came into effect. APRA CPS 234 mandates organisations under APRA’s jurisdiction implement an information security management programme to deploy multiple layers of cybersecurity controls such that if one control fails, others limit the impact of a breach – or as we know it in the security industry, defence in depth.

Read More

GDPR One Year Review – The 5 Key Cyber Security Articles

Believe it or not, a year has passed since the EU’s General Data Protection Regulation (GDPR) became law. Over that year, the impact of the legislation has spurred countries around the world to review their own privacy laws to enforce an equitable tightening up of their own data protection approach; but how effective has this year been in terms of making our personal data less at risk of being stolen and sold on the black market?

Read More

OAIC Q3 Data Breach Report – What you Need to Know

The Office of the Australian Information Commissioner (OAIC) – Australia’s statutory agency for privacy and freedom of information – has released its third quarterly report on Australia’s Notifiable Data Breach scheme. It shows 245 reported data breaches between July and September, a number which correlate closely with the previous quarter.

Read More

Privacy Legislation impact on Cyber Security Operations

Should the changes to privacy laws make us rethink log retention? Does your Security Operations Centre (SOC) collect and store logs? The answer is, almost certainly ‘yes’. Even the most basic security operations activities include analysing security events, such as those produced by end user computers, web filters, email systems, databases and network appliances.

Read More
1 2 3