Security Controls & Resilience

Australia Under Cyber Attack

On Friday 19th June, the Australian Prime Minister gave a press conference outlining an intense and persistent cyber attack against Australian organisations, allegedly originating from an overseas adversary. The Prime Minister confidently stated that a hostile nation-state was behind the campaign, but refrained from naming the culprit. Other news outlets, however, suggested that unnamed senior government officials claimed the origin was China, but this remains unconfirmed by official sources.


CMMC – Restrict Admin Privileges

This blog post “CMMC – Restrict Admin Privileges” is the tenth in a series on Cybersecurity Maturity Model Certification (CMMC) – a US Department of Defense (DoD) initiative that imposes requirements on contractors and subcontractors to help safeguard information within the US defense supply chain.


Moving security from “Keeping the lights on” to “Getting back to normal”

In the first quarter of 2020, IT and security teams around the world faced an unprecedented challenge. The coronavirus pandemic grew in a matter of weeks to a phenomenon that would disrupt businesses, lives and the economy like nothing else we have faced before.

The introduction of lockdowns, travel restrictions and stay-at-home orders forced many businesses to adjust almost overnight to a different way of working that avoided staff being in offices or on sites.  Some staff had to balance work obligations with a need to home-school children, some had to shelter for their own safety, some were furloughed or laid off – leaving businesses without access to their abilities.


ANAO cyber review of Federal Government agencies

The 2019-20 ‘Interim Report on Key Financial Controls of Major Entities’ has been released.  The Australian National Audit Office’s (ANAO) review focused on the financial and HR systems of eighteen Australian Government agencies.

The report revealed that only one of the eighteen agencies that were reviewed was rated as achieving and managing their cyber resilience to Essential Eight Maturity Level Three requirements.  It also found that four agencies had incorrectly self-assessed, due to a poor understanding of their requirements.


Cyber Hygiene equals Cyber Resilience

Cyber hygiene is a relatively new term describing the basic security practices everyone should follow to ensure their organisation remains safe from common security threats. Yet even these most basic security controls are often neglected or not implemented correctly, unduly leaving the business exposed to risks it could easily counter.


CMMC – Monitoring Privileged Users

This blog post “CMMC – Monitoring Privileged Users” is the ninth in a series on Cybersecurity Maturity Model Certification (CMMC) – a US Department of Defense (DoD) initiative that imposes requirements on contractors and subcontractors to help safeguard information within the US defense supply chain.


System and Information Integrity and the CMMC

This blog post “CMMC – System and Information Integrity” is the seventh in a series on Cybersecurity Maturity Model Certification (CMMC) – a US Department of Defense (DoD) initiative that imposes requirements on contractors and subcontractors to help safeguard information within the US defense supply chain.


Third party risks under travel lockdown

The need for assurance in supply chains and third parties is well-recognised in cyber security.  It is common to exchange data – often sensitive – with third parties, and to rely on them for aspects of service delivery or the undertaking of key business functions.


CMMC – Developing a Level 4 Maturity SOC

This blog post “CMMC – Achieving a Level 4 SOC” is the sixth in a series on Cybersecurity Maturity Model Certification (CMMC) – a US Department of Defense (DoD) initiative that imposes requirements on contractors and subcontractors to help safeguard information within the US defense supply chain.
