The result of three recent cyber resilience audits conducted by the Australian National Audit Office (ANAO) was released on 4 July. The report showed some encouraging results, but also highlighted some concerns. The need for real-time visibility of cyber security posture is becoming increasingly evident.
There is a growing range of ways to provide security control metrics and assessments for businesses. The intended audience of these solutions tends to be non-security people, for example senior board members (for enterprise security and the associated risks) and procurement or risk/compliance managers (for third party security risk exposures) who need an understanding of cyber risk and security control effectiveness to monitor performance, improvements or exceptions.
Various factors are converging to influence the need for better management of cyber security risk. Whether it’s to understand the effectiveness of security controls, isolate any weaknesses or to simply acknowledge cyber security as a corporate governance issue, the requirement for greater visibility of an organisation’s cyber security posture is a given.
There has been a massive upswing in the formation, growth and adoption of managed security service providers (MSSPs) in recent years. This has been driven by a number of trends such as the ever-growing cyber threat, the increase in the complexity and openness of technology systems, the shortage of cyber security skills (and the resulting difficulty in attracting and retaining good people) and the heightened regulatory and consumer pressures to protect systems and data.
Security teams are always busy deploying and implementing security controls to try and prevent or detect cyber-attacks. Those controls, as well as the security configurations with the operating systems and networks they are responsible for protecting, introduce an ongoing management and operational load.
Few organisations have the resilience to suffer a cyberattack as large as the one the Australian National University (ANU) notified last week. Data breaches of this magnitude certainly take their toll, and in this case the ANU will be feeling the pain for some time to come. But what happened and how can organisations better prepare themselves for this kind of attack?
The updated Australian Government Information Security Manual (ISM) was released by the Australian Cyber Security Centre (ACSC) at the end of 2018. The manual represents the ACSC and ASD’s knowledge of best practice cyber security measures based on their experience in responding to cyber security incidents within Australia.
There are plenty of stories about cyber crime affecting companies and individuals in the security industry and mainstream media – companies having data stolen, personal data being used for fraud, phishing scams, identity theft/fraud and ransomware being used to extort money.
The question is how can you and your business learn from these past cases and reduce your own exposure to the same sorts of attacks?
The Australian Cyber Security Centre (ACSC) maintains a guideline called ‘The Essential Eight: Strategies to Mitigate Cyber Security Incidents’. Government departments’ cyber resilience is measured against these controls. Research shows that successful implementation of the Essential Eight fends off 85% of targeted cyber-attacks, so it’s a very sound security strategy to follow.
Let’s explore the ACSC’s Cyber Maturity Model for Essential Eight compliance to understand how it works, what to look out for and why you should apply it within your organisation.
Critical infrastructure (CI) systems are prime targets for cyber-attack from overseas adversaries as the mass disruption from a successful attack could seriously cripple a country’s economy and national security. How prepared is your critical infrastructure to defend against international hackers and what can you do to build effective security controls?