Category: Cybersecurity

  • AI, Privacy and Security (Part 1)

    Is the genie out of the bottle? AI has to be the topic of the year. Everyone is talking about it. Smarter people than me have written about it in great detail. I want to reflect on several ideas pertaining to AI. The first one is really a note about the need for caution. There…

  • Is the Cyber Security Strategy asking the right questions?

    What does it all mean? As the Minister for Home Affairs clearly calls out, “Voluntary measures and poorly executed plans will not get Australia where we need to be to thrive in the contested environment of 2030.” No arguments from me there, Minister. This is the key item that we need to address –…

  • Identity – Does it really matter?

    Identity is the cornerstone of modern security. Will that ever change? Everything is based on the identity. From there you are allocated permissions to access data or perform tasks. Everything starts from who you are. But we don’t employ people for who they are – we employ them because of what they are. Most…

  • Resilience – How to build it

    What is it? In recent years there has been a great focus in the security industry on increasing resilience. But what does that actually mean, why is it important, and how do you actually do it? Resilience (noun): The capacity to recover quickly from difficulties; toughness. The ability of a substance or object to spring back…

  • Essential 8 – Is it really that hard?

    10 years on and the government still can’t get the basics of Cyber Security right. The Auditor General report on “key internal controls” – or more specifically the Essential 8 – showed that most departments are failing to do this properly. Back around 2013/4 the then DSD published a set of four compulsory requirements for…

  • Reporting risk to the board – What not to do

    I have spoken with board members and it is clear that “C” levels are not reporting cyber risk to them in a meaningful way. Modern boards are tired of seeing traffic light reports. The reporting can no longer say – this risk is red but don’t worry – we have a risk mitigation plan. “I…