Risk Management & Reporting

Security Audits 2020 Style

Traditionally, security audits have been imposed on organisations by third-party assessors, for either regulatory or compliance purposes, and may result in significant findings that indicate security vulnerabilities, issues or deficiencies that require attention. For many, audits are activities on their annual compliance roadmap, often causing frenetic activity before the assessment start date, then bated breath while the assessor scrutinises systems and controls. For external compliance, and based on where this approach originated, annual financial auditing is suitable; however, applying this approach to cybersecurity leaves businesses exposed to unnecessary information risk.

Cyber Hygiene equals Cyber Resilience

Cyber hygiene is a relatively new term to describe the basic security practices everyone should be doing to ensure their organisation remains safe from common security threats. Yet even these most basic security controls are often neglected or not implemented correctly, unduly leaving the business exposed to risks they could easily counter.

CMMC – Monitoring Privileged Users

This blog post “CMMC – Monitoring Privileged Users” is the ninth in a series on Cybersecurity Maturity Model Certification (CMMC) – a US Department of Defense (DoD) initiative that imposes requirements on contractors and subcontractors to help safeguard information within the US defense supply chain.

Cyber Maturity Assessments in 2020 and beyond

Cyber maturity assessments provide vital insights into an organisation’s ability to protect its information assets and defend itself against cyber threats. However, they are time consuming, labour intensive and often difficult to execute – particularly when most staff are working from home and site visits are restricted. This blog post explores the elements of the process that present the biggest challenges and how security audit technology can help you overcome them.

CMMC – Cybersecurity Risk Management

This blog post “CMMC – Cybersecurity Risk Management” is the eighth in a series on Cybersecurity Maturity Model Certification (CMMC) – a US Department of Defense (DoD) initiative that imposes requirements on contractors and subcontractors to help safeguard information within the US defense supply chain.

Third party risks under travel lockdown

The need for assurance in supply chains and third parties is well-recognised in cyber security. It is common to exchange data – often sensitive – with third parties, and to rely on them for aspects of service delivery or the undertaking of key business functions.

The Commonwealth Cyber Security Posture in 2019 Report

How is the Australian Government doing in its efforts to defend itself from cyber threats? Are key strategies and advisories being implemented and operating effectively? The newly released ‘Commonwealth Cyber Security Posture in 2019 Report to Parliament’ (CCSP2019) provides information and visibility into the efforts of the Australian Cyber Security Centre (ACSC) and Attorney-General’s Department (AGD) as to the readiness of Commonwealth entities to respond to the country’s cyber threat environment.

Cyber Security in Financial Services

Cyber criminals are making the most of the spread of the Coronavirus. The financial services industry is being hit particularly hard, with attackers creating their own pandemic of phishing emails trying to steal money, personal information and intellectual property.

Data Discovery: It worked for Data Privacy Officers

Security teams face a number of challenges: the growing extent and complexity of the technology environment that businesses utilise, the limitations of human capabilities to choose good passwords or avoid clicking on links, the increasing sophistication of attacks and attackers, and the burgeoning regulations under which they operate.
