Cyber Security News & Current Events

Recent Posts

The PSPF and ISM Undergo Major Revisions

Posted by Nigel on 2/04/19 7:30 AM

The information security framework for the Australian Government is driven by two main documents: the Protective Security Policy Framework (PSPF) owned by the Attorney-General’s Department, and the Information Security Manual (ISM) owned by the Australian Signals Directorate (ASD). Note that the PSPF is actually a set of documents, rather than a single volume like the ISM.

Topics: Compliance, IRAP / ISM

Management Buy-In - Part 1: Why You Need It

Posted by Nigel on 10/12/18 11:02 AM

Every information security framework and “best practice” guide to cyber security states that you need “management buy-in”, but why is it important and what does it look like?

Topics: Governance, Fundamentals

Christmas Turkeys and Cyber Security Aren't That Dissimilar

Posted by Nigel on 3/12/18 12:56 PM

What Brush Turkeys Have Taught Me About Information Security

It is that time of year again when a male brush turkey has made my backyard his home, tearing apart vegetation to make his nesting mound. While this is a source of frustration, on the positive side, it has given me new ways to think about information security.

Topics: Insider, Governance, Red Teaming, Risk Assessment

Documentation Provides Security Value

Posted by Nigel on 15/02/18 5:45 PM

A big part of my job is conducting security audits or assessments of clients. In one assessment, I asked a client for some documentation, in this case a system design document, as is usual practice. I was told “We don’t do documentation just for audits”. Further discussion revealed that the client’s culture was one where documentation was considered unnecessary for many activities, including activities directly related to security. Needless to say, I found many issues with their information security posture.

Topics: Governance

Finally, an actionable blog

The purpose of this blog is to make available the real-world lessons, experience, observations and mistakes that are part of the daily life of a group of cyber security professionals.

Read about:

  • What mistakes organisations are making (anonymously of course!)
  • What effective actions are available to quickly and economically achieve effective protection (without buying new kit)
  • Trends we're seeing, via our incident response and forensic investigation capabilities
  • And sometimes, just frustrations about what is wrong with cyber :|
