-
Is the Cyber Security Strategy asking the right questions?
What does it all mean? As the Minister for Home Affairs clearly calls out “ Voluntary measures and poorly executed plans will not get Australia where we need to be to thrive in the contested environment of 2030“ No arguments from me there Minster. This is the key item that we need to address –…
-
Identity – Does it really matter?
Identity is the corner stone of modern security. Will that ever change? Everything is based on the identity. From there you are allocated permissions to access data or perform tasks. Everything starts from who you are. But we don’t employ people for who they are – we employ them because of what they are. Most…
-
Essential 8 – Is it really that hard?
10 years on and the government still can’t get the basics of Cyber Security right. The Auditor General report on “key internal controls” – or more specifically the Essential 8 – showed that most departments are failing to do this properly. Back around 2013/4 the then DSD published a set of four compulsory requirements for…
-
Reporting risk to the board – What not to do
I have spoken with board members and it is clear that “C” levels are not reporting cyber risk to them in a meaningful way. Modern boards are tired of seeing traffic light reports. The reporting can no longer say – this risk is red but don’t worry – we have a risk mitigation plan. “I…