The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help organisations mitigate cyber security incidents caused by various cyber threats. These can be used by any organisation and can be accessed here – Strategies to Mitigate Cyber Security Incidents. This is supported by the Strategies to Mitigate Cyber Security […]
US NIST Cybersecurity Resources
In February 2024, the U.S. Government’s National Institute of Standards and Technology released the NIST Cybersecurity Framework 2.0, providing guidance to industry, government agencies, and other organisations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organisation — regardless of its […]
How to calculate the estimated cost of a data breach
The NSW Information and Privacy Commission has a useful resource for any organisation estimating the cost of a data breach. This fact sheet will assist NSW public sector agencies in estimating the cost of a data breach under the Mandatory Notification of Data Breach Scheme as required in the notification […]
Cybersecurity Obligations for Corporate Leaders
On 19 December 2023, the Australian Government released the 2023-2030 Australian Cyber Security Strategy: Cyber Security Legislative Reforms Consultation Paper and an overview of existing cyber obligations for business leaders. The consultation paper is the next step in implementing the 2023–2030 Australian Cyber Security Strategy to boost the nation’s cyber security. The Overview of Cyber […]
Update to the Essential Eight Maturity Model
The Australian Signals Directorate (ASD) and Australian Cyber Security Centre have recently updated the Essential Eight Maturity Model (E8MM) to assist organisations in protecting their internet-connected information technology networks against common cyber threats. Key focus areas for this update include: balancing patching timeframes; increasing adoption of phishing-resistant multifactor authentication; supporting management […]
US and Australian governments issue joint Cybersecurity Advisory on preventing Web Application Access Control Abuse
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) have recently released a joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference (IDOR) vulnerabilities. IDOR […]
Third-Party Risk and Cybersecurity: Navigating Evolving Threats and Data Governance
High-profile data breaches in the last few years have not only resulted in increased regulatory attention but have also served to highlight the evolving set of cyber threats faced by organisations. Of particular note, there have been numerous incidents where cybercriminals have managed to obtain organisational data not through a […]
Questions for boards to ask about cybersecurity
The Australian Cyber Security Centre (ACSC) has released a guide for boards and executives that discusses high-level topics to know about cyber security within organisations. Boards need to proactively build an understanding of their organisation’s specific cyber threat and risk environment. The Guide sets out how the board can understand as […]
Optus Data Breach – the risks of data over-retention
The Optus Data Breach incident has shed some much-needed light on the need for robust, top-down board governance over organisational data and information. It is evident that this attack has demonstrated the need for organisations to sufficiently invest in cyber-attack prevention, detection and response. While the Optus data breach is […]
Cyber Risk Management and the Value of Cyber Insurance
The technology revolution has created unprecedented developments in the way that business is transacted, how information is obtained, how we communicate with each other and how data is sourced and stored. The reality of these developments has also led to unparalleled increases in the ability of criminals to act in […]
Information Security Risk Management Practitioner Guide – OVIC
The Office of the Victorian Information Commissioner (OVIC) issues security guides to support the Victorian Protective Data Security Standards (VPDSS). This document provides organisations with guidance on security risk management fundamentals to enable them to undertake a Security Risk Profile Assessment (SRPA) as required under s89 of the Privacy and […]
Broken Trust – The Information Security Dangers of Insider Threats
The increasing awareness of external cyber-security threats has executives focused on how their organisation can be defended against the “enemy at the gates”. But are organisations just as much at risk from an “enemy within”? In this article Dr Peter Chapman, Director in the Ferrier Hodgson Forensic Technology and […]
Information Security & Information Governance – how they work together
Information (data) security, cybersecurity and IT security all usually refer to the protection of computer systems and information assets by suitable controls, such as policies, processes, procedures, organizational structures and software and hardware functions. The type and extent of controls depends on the scope and maturity of the business function […]
Cyber Insurance: how it works and the benefits of Information Governance
As the number and size of cyber attacks on businesses continues to increase, the risk of experiencing a data breach is higher than ever. The resulting cost of these breaches can be significant – according to the Ponemon Institute’s 2017 Cost of Data Breach Study, these totalled $2.51 million […]