Risk Management & Reporting

Security Audits 2020 Style

Traditionally, security audits have been imposed on organisations by third-party assessors for regulatory or compliance purposes, and may result in significant findings that indicate security vulnerabilities, issues or deficiencies that require attention. For many, audits are activities on their annual compliance roadmap, often causing frenetic activity before the assessment start date, then bated breath while the assessor scrutinises systems and controls. This annual approach is suitable for external compliance and for financial auditing, where it originated; however, applying it to cybersecurity leaves businesses exposed to unnecessary information risk.

Cyber Hygiene equals Cyber Resilience

Cyber hygiene is a relatively new term to describe the basic security practices everyone should be doing to ensure their organisation remains safe from common security threats. Yet even these most basic security controls are often neglected or not implemented correctly, unduly leaving the business exposed to risks it could easily counter.

CMMC – Monitoring Privileged Users

This blog post “CMMC – Monitoring Privileged Users” is the ninth in a series on Cybersecurity Maturity Model Certification (CMMC) – a US Department of Defense (DoD) initiative that imposes requirements on contractors and subcontractors to help safeguard information within the US defense supply chain.

Cyber Maturity Assessments in 2020 and beyond

Cyber maturity assessments provide vital insights into an organisation’s ability to protect its information assets and defend itself against cyber threats. However, they are time consuming, labour intensive and often difficult to execute – particularly when most staff are working from home and site visits are restricted. This blog post explores the elements of the process that present the biggest challenges and how security audit technology can help you overcome them.

CMMC – Cybersecurity Risk Management

This blog post “CMMC – Cybersecurity Risk Management” is the eighth in a series on Cybersecurity Maturity Model Certification (CMMC) – a US Department of Defense (DoD) initiative that imposes requirements on contractors and subcontractors to help safeguard information within the US defense supply chain.

Third party risks under travel lockdown

The need for assurance in supply chains and third parties is well-recognised in cyber security. It is common to exchange data – often sensitive – with third parties, and to rely on them for aspects of service delivery or the undertaking of key business functions.

The Commonwealth Cyber Security Posture in 2019 Report

How is the Australian Government doing in its efforts to defend itself from cyber threats? Are key strategies and advisories being implemented and operating effectively? The newly released ‘Commonwealth Cyber Security Posture in 2019 Report to Parliament’ (CCSP2019) provides information and visibility into the efforts of the Australian Cyber Security Centre (ACSC) and Attorney-General’s Department (AGD) as to the readiness of Commonwealth entities to respond to the country’s cyber threat environment.
