Security Controls & Resilience

Improving Critical Infrastructure cyber security

The Australian Parliament hack, dubbed Australia’s “first national cyber crisis” by the Australian Signals Directorate, shows us all too clearly the risks associated with a targeted cyber breach.  When valuable information is accessed the damage can be irreversible.  This is particularly true for any country’s critical infrastructure sector.   The enduring question remains, realistically what can organisations do to fend off the advances from sophisticated, targeted attacks?

Read More

Scrub up – good security starts with cyber hygiene

Squeaky clean cyber hygiene has never been more important. Several Victorian hospitals in Australia were recently hit by a ransomware attack, causing many of their most important administrative systems to be shut down to prevent the malware from spreading. Included in those areas of the business affected by this attack were systems running their financial management, internet and email services, many of which have taken over a week to restore.

Read More

Building cyber resilience against Insider Threats

Insider threats are incredibly difficult to detect and protect against, yet they are amongst the most devastating attacks victims can suffer. Trusted insiders can be anyone with high-level access to systems or information, since this level of privilege is necessary for them to do their job; yet they misuse that privilege and undertake harmful actions against the organisation.

Read More

The difference between PIs and KPIs in cyber security

The difference between “performance indicators” (PIs) and “key performance indicators” (KPIs) seems obvious.  “Key” ones are more important, they are a subset of a larger (and longer) list.

In security, particularly in compliance-driven environments where the information security management system (ISMS) is aligned to a standard, there can be over a hundred controls that must be in place and (ideally) routinely audited, monitoring and reported on.

Read More

Comparing Ways to Measure Security Control Effectiveness

There is a growing range of ways to provide security control metrics and assessments for businesses.  The intended audience of these solutions tends to be non-security people, for example senior board members (for enterprise security and the associated risks) and procurement or risk/compliance managers (for third party security risk exposures) who need an understanding of cyber risk and security control effectiveness to monitor performance, improvements or exceptions.

Read More

Are your Cyber Security Controls effective?

Various factors are converging to influence the need for better management of cyber security risk. Whether it’s to understand the effectiveness of security controls, isolate any weaknesses or to simply acknowledge cyber security as a corporate governance issue; the requirement for greater visibility of an organisation’s cyber security posture is a given.

Read More

4 Cyber security operations lessons from MSSPs

There has been a massive up-swing in the formation, growth and adoption of managed security service providers (MSSP) in recent years.  This has been driven by a number of trends such as the ever-growing cyber threat, the increase in the complexity and openness of technology systems, the shortage of cyber security skills (and the resulting difficulty in attracting and retaining good people) and the heightened regulatory and consumer pressures to protect systems and data.

Read More

Why are cyber security controls failing?

Security teams are always busy deploying and implementing security controls to try and prevent or detect cyber-attacks.  Those controls, as well as the security configurations with the operating systems and networks they are responsible for protecting, introduce an ongoing management and operational load.

Read More
1 2 3