Security Controls & Resilience

Cyber Essentials – secure your Internet connection

In the UK, the National Cyber Security Centre (NCSC) runs an information assurance scheme called Cyber Essentials. Our blog post series looks at each of the framework’s five focus areas and offers practical hints and tips on security requirements and value to organisations wishing to follow its advice.


Cyber Essentials – a practical framework

In the UK, the National Cyber Security Centre (NCSC) runs an information assurance scheme called Cyber Essentials. It encourages organisations to adopt good practice in information security that will improve cyber resilience. It is an integral part of government and defence supply chain requirements that involve handling information – so anyone who wants to work with the public sector will find it is a requirement of those contracts. For other industries, Cyber Essentials provides tangible benefits if organisations choose to use it.


Improving Critical Infrastructure cyber security

The Australian Parliament hack, dubbed Australia’s “first national cyber crisis” by the Australian Signals Directorate, shows us all too clearly the risks associated with a targeted cyber breach. When valuable information is accessed, the damage can be irreversible. This is particularly true for any country’s critical infrastructure sector. The enduring question remains: realistically, what can organisations do to fend off the advances of sophisticated, targeted attacks?


Scrub up – good security starts with cyber hygiene

Squeaky clean cyber hygiene has never been more important. Several Victorian hospitals in Australia were recently hit by a ransomware attack, causing many of their most important administrative systems to be shut down to prevent the malware from spreading. Included in those areas of the business affected by this attack were systems running their financial management, internet and email services, many of which have taken over a week to restore.


Building cyber resilience against Insider Threats

Insider threats are incredibly difficult to detect and protect against, yet they are amongst the most devastating attacks victims can suffer. Trusted insiders can be anyone with high-level access to systems or information, since this level of privilege is necessary for them to do their job; yet they misuse that privilege and undertake harmful actions against the organisation.


The difference between PIs and KPIs in cyber security

The difference between “performance indicators” (PIs) and “key performance indicators” (KPIs) seems obvious. “Key” ones are more important; they are a subset of a larger (and longer) list.

In security, particularly in compliance-driven environments where the information security management system (ISMS) is aligned to a standard, there can be over a hundred controls that must be in place and (ideally) routinely audited, monitored and reported on.
