Search Results
Total: 251 results found.
Conclusion: This research note sets out and describes the Security Leadership capability maturity model. In using this model, organisations must be honest about their current level before they can even speculate on the benefits of working towards a higher maturity level. Working towards higher levels of maturity has clear benefits for both IT and the ...
Section: Content | Category: Security Leadership | Date: Tuesday, 04 October 2016 | Hits: 827
A security leader understands today’s cyber risks, how these apply to their organisation and market, and has management’s confidence to address these risks responsibly. A security leader guides the organisation through the realities of the new business environment, aligning the organisation’s practices and technologies to its risk appetite, and ensures ...
Section: Content | Category: Security Leadership | Date: Wednesday, 21 September 2016 | Hits: 594
Gain valuable insights into how security leaders are positioning cyber-security and risk within their organisations. Be able to self-assess how your organisation measures up on the IBRS capability maturity model for security leadership. Learn how to position cyber-security so that it is aligned to business priorities. "This Master Advisory Presentation ...
Section: Content | Category: Security Leadership | Date: Wednesday, 21 September 2016 | Hits: 3465
Conclusion: In the IBRS Security Leadership capability maturity model, buying more product is level 2: Alienated, and is typified by IT teams that are struggling to take on the challenge of cyber security because they address it as a technical problem. Buying product without a clear understanding of the business risk it is aiming to address is a guarantee ...
Section: Content | Category: Vendors | Date: Saturday, 03 December 2016 | Hits: 265
... strategy that delivers business value” “APRA and the Cloud: Organisations must be able to show their working” “Considerations for cyber security audits” “IBRS Security Leadership MAP” “Preparation for ransomware requires a conversation on business ethics” Make contact with CIOs at other organisations that your board members also guide. This collaboration ...
Section: Content | Category: Security Leadership | Date: Monday, 03 July 2017 | Hits: 404
... are patched and other basic security operations are undertaken, then the security function is neutered and the organisation is at risk. Outreach: A frequently overlooked requirement for security leadership within organisations is an outreach function. At the larger end of the corporate scale, CBA, Telstra and Australia Post are just three of the local ...
Section: Content | Category: Sourcing & Staffing | Date: Tuesday, 30 June 2015 | Hits: 540
... audited for cyber security has a number of nuances that are worth drawing out. Business risk: Cyber security is not merely an IT issue. Business involvement and alignment are also important to not only cyber security, but also to preparation for an audit. (See: Security Leadership MAP). Risk assessment: Organisations are expected to have an informed ...
Section: Content | Category: Security Leadership | Date: Friday, 03 February 2017 | Hits: 1116
... over the breach and a federal probe from two agencies. Its stock has lost more than a third of its value since the breach was disclosed.” (Source: USA Today, 15th September 2017.) As set out in the IBRS Security Leadership MAP, for a CEO, security leadership involves being a role model that sets the risk tolerance culture of the organisation, communicates ...
Section: Content | Category: Security Leadership | Date: Monday, 02 October 2017 | Hits: 169
... so highly now. Meanwhile, other, newer, players are sweeping up recognised industry figures, and CISOs are changing organisations. Growing risk awareness: At the same time that there is security leadership and skills churn in the local market, there is another market force emerging. A page from Cryptome notes a surprising number of publicly listed ...
Section: Content | Category: Security Leadership | Date: Friday, 31 October 2014 | Hits: 502
Conclusion: Much like the fable of the Boy Who Cried Wolf, the security industry has a limited number of opportunities to channel enterprise and national attention to cyber incidents. The WannaCry ransomware worm runs the risk of using up that credit for the security industry as so little impact was felt in Australia. The lack of local impact was more ...
Section: Content | Category: Security Leadership | Date: Sunday, 04 June 2017 | Hits: 369
... experience at RSAC reflected my experiences at many other international cyber-security gatherings over the years. I have come to the conclusion that Australia has pockets of cyber-security leadership that are world-class, and in some instances, world-leading. But these pockets of capability – almost all at the top end of town – are insufficient for ...
Section: Content | Category: In The News | Date: Thursday, 05 May 2016 | Hits: 1188
Security Leadership capability maturity model; Running IT-as-a-Service Part 23: Digital world contact centres “ain’t” that digital; Can ICT Vendors be Trusted Advisors?; Innovation Investment: What the competition is doing; Why cyber security concerns, like taxes, will not go away; Keeping Digital initiatives on target; Sourcing Monthly August 2016 ...
Section: Content | Category: Digital Digest | Date: Monday, 03 October 2016 | Hits: 243
... a business perspective (i.e. security leadership), must be evaluated. Identifying and developing remediation strategies for these risks can benefit from external advisors, but ultimately must be owned by an internal coordinator. Thus, the skill sets assessing the risks of Cloud services must be internal, but may be developed with external help over ...
Section: Content | Category: Governance & Planning | Date: Thursday, 02 June 2016 | Hits: 289
Security is one of the fastest growing markets in technology and a huge boon for the channel, but many organisations struggle with cyber maturity due to misinformation and poor guidance from partners. In the latest IBRS Master Advisory Presentation - Security Leadership: A Fresh Perspective of cyber risk management in a hyper-connected world - the ...
Section: Content | Category: In The News | Date: Friday, 07 October 2016 | Hits: 783
16. Advisors
... and panel participant. He is the author of the IBRS Security Leadership MAP. James is frequently quoted in the media on industry issues, and is the longest serving cyber security industry analyst in the Asia Pacific region. He contributes a regular opinion piece for the Australian Financial Review covering issues in the local cyber security industry. ...
Section: Content | Category: Website Information | Date: Friday, 17 October 2014 | Hits: 8850
Four technology forces will shape the business strategy in 2016, writes IBRS' Dr Joe Sweeney. In the view of IBRS, four technology forces will shape business strategy in 2016: Mobility, the Post PC Era, and Future Workplace Innovation; As-a-Service; Security Leadership; Data Driven Business ...
Section: Content | Category: In The News | Date: Thursday, 18 February 2016 | Hits: 1167
... a self-service end user computing environment. Security leadership: Cyber-Security is a growing concern, largely due to greater awareness of the problem stemming from mandatory reporting regimes overseas, but also from greater exposure to security threats. However, the purpose and value of cyber-security are not well understood. Through 2016, ...
Section: Content | Category: Governance & Planning | Date: Monday, 01 February 2016 | Hits: 249
... externally) work environment. In addition, consider a “security leadership” program to move the organisation from treating risks as a pure technical issue (e.g. cyber security) to a cultural issue. As organisations adopt greater external facing collaboration, the imperative is to become a “purpose driven culture” where all users are cognisant of, and ...
Section: Content | Category: Applications | Date: Friday, 01 April 2016 | Hits: 1199
Conclusion: Security leaders should approach security frameworks as a challenge to how the organisation secures its information assets. So, security leaders should be able to defend adherence, or variation, from any point on a chosen framework. Variance may be critical for business function, but the security leader needs to know this and be able to ...
Section: Content | Category: Security Leadership | Date: Wednesday, 01 October 2014 | Hits: 459
Conclusion: The role of a cyber security executive is challenging at the best of times, as they need to continually strike a balance between informing and influencing, without continually alarming. But the context surrounding why an organisation creates a cyber security executive role is critical to the success of cyber risk management. Executive level ...
Section: Content | Category: Security Leadership | Date: Saturday, 02 January 2016 | Hits: 476
Conclusion: Awareness of risks and threats, by itself, is not enough to protect an organisation. Security awareness campaigns are a sustained attempt at behaviour modification. But behaviour modification works best when an individual is not resisting the change. This means that the first step for any security awareness campaign must be to assess employee ...
Section: Content | Category: Security Leadership | Date: Thursday, 29 January 2015 | Hits: 783
Conclusion: Security awareness programs are an attempt to change staff behaviour for the protection of an organisation’s information assets, and also an attempt to change corporate culture to support and encourage desirable behaviours. However, security awareness programs also run the risk of overwhelming staff with too much fear, uncertainty, and doubt. ...
Section: Content | Category: Security Leadership | Date: Saturday, 04 March 2017 | Hits: 153
Conclusion: Now, there is renewed pressure on new IT projects to prove their value. For IT security projects, managers may feel that they need to make excessively complicated calculations in order to prove a return on investment (ROI) and thereby justify the project, but this is an unnecessary complication. Rubbery figures will melt under close scrutiny ...
Section: Content | Category: Security Leadership | Date: Friday, 27 March 2009 | Hits: 564
Conclusion: As cyber-security becomes a board-level topic, organisations in the A/NZ region are feeling the pinch of the security skills shortage. In this environment, moving IT services to the Cloud has the potential to streamline and/or automate some basic IT security practices. Cloud services are not an IT security silver bullet, but for many organisations, ...
Section: Content | Category: Security Leadership | Date: Sunday, 01 March 2015 | Hits: 632
Conclusion: Effective and responsible management of IT security should concern executives at the highest levels of management. Leading practice suggests, but does not mandate, separation of the IT security function from the IT management function. One of the ways that this can be achieved is with the appointment of a Chief Information Security Officer ...
Section: Content | Category: Security Leadership | Date: Sunday, 28 January 2007 | Hits: 542
Conclusion: Security awareness campaigns are actually an effort to change an aspect of organisational culture. Cultural change is famously difficult, takes a long time, and will ultimately fail if it does not have senior executive commitment. Specifically, senior executives must be seen to be exhibiting the behaviour of the new culture. The implication ...
Section: Content | Category: Security Leadership | Date: Saturday, 28 February 2009 | Hits: 540
Conclusion: Security incident and event management (SIEM) products can deliver solid insights into the security status of an organisation’s network. However, SIEM requires ongoing support, mature change control processes, and rapid and open communications between diverse teams within the IT department - as well as the rest of the organisation! A successful ...
Section: Content | Category: Security Leadership | Date: Thursday, 24 January 2013 | Hits: 855
Conclusion: The threat of a data breach (unauthorised access to data) is not just from hackers, and not just as a result of malicious intent. Carelessness and oversight by trusted inside sources has been shown, repeatedly, to be the root cause of numerous data breaches. Recognising this, many organisations (particularly in government and finance) include ...
Section: Content | Category: Security Leadership | Date: Monday, 28 July 2008 | Hits: 646
Conclusion: Cyber security can be perceived by outsiders as an occult domain. Psychologically, people can respond in many ways to something they do not understand with responses ranging from denial to fear. Consequently, a frequent challenge to better security maturity is inertia, rooted in ignorance. It is imperative that security practitioners break ...
Section: Content | Category: Security Leadership | Date: Thursday, 05 May 2016 | Hits: 378
Conclusion: To be effective a cyber security program that controls access to hardware, software and data needs to be comprehensive and include all stakeholders. The challenge for IT and line management is to shape the message to the audience in terms they understand so they take their responsibilities seriously. Observations: Today’s print and online ...
Section: Content | Category: Security Leadership | Date: Tuesday, 04 October 2016 | Hits: 1559
Conclusion: As cyber security gains awareness among business leaders, many organisations are undertaking new cyber risk management initiatives. However, these initiatives can be misdirected if business leaders are not clear on why they are doing them. On the journey to improving an organisation’s cyber security maturity, the question “why?” is a powerful ...
Section: Content | Category: Sourcing & Staffing | Date: Friday, 01 April 2016 | Hits: 315
Conclusion: This month, discussions regarding analytics and data-driven innovation have been prominent. As the role of IT changes from providing technology solutions to driving business outcomes and strategy through the use of technology, agile services to support business processes and targets are required. Companies have recognised that data handling ...
Section: Content | Category: Sourcing & Staffing | Date: Wednesday, 02 December 2015 | Hits: 369
Conclusion: Unless an organisation has an already strong cyber security capability, or the budget and appetite to progress its maturity very quickly through expanding its headcount and changing business processes, it is unlikely that any security tool purchases will help. Instead, organisations aspiring to improve their cyber security maturity should ...
Section: Content | Category: Security Leadership | Date: Tuesday, 02 February 2016 | Hits: 324
Conclusion: The IT industry has hit a breaking point where the artificial grouping of information security and IT has left many organisations vulnerable. Business units have viewed information security as an IT problem, and IT has abdicated responsibility for many aspects of operations that should be viewed as basic hygiene. It is time for organisations ...
Section: Content | Category: Security Leadership | Date: Monday, 02 November 2015 | Hits: 498
Conclusion: Despite increasing focus on information and data in an as-a-Service age, thought leadership in the data management discipline has waned. Today, few of the frameworks, methods and bodies of knowledge that emerged either from the data modelling fraternity or the records management community in the last decade remain active. This leaves organisations ...
Section: Content | Category: Governance & Planning | Date: Wednesday, 02 August 2017 | Hits: 225
Commonwealth Bank of Australia has admitted it is culling the number of technology partners it works with as part of a cost cutting drive that has some industry observers concerned it is stepping back from its previous leadership position on cyber security. CBA has been the subject of ongoing rumours in IT circles that it is taking the knife to its ...
Section: Content | Category: In The News | Date: Wednesday, 27 September 2017 | Hits: 156
Conclusion: Remediating major systems is not a job for the faint-hearted or over-confident IT managers. Poor governance decisions and excessive optimism can easily lead to project failures (and ruin careers). Conversely, smart decisions combined with sound project leadership can increase the probability of success and enhance careers. Observations: ...
Section: Content | Category: Applications | Date: Wednesday, 25 June 2014 | Hits: 862
Conclusion: The ability to inspire as a leader is becoming more recognised as a core management and leadership skill. What does not change overnight are the innermost core values of how an inspirational leader behaves. Through their leadership they inspire others to perform and succeed, making a positive difference not just internally within the ...
Section: Content | Category: Sourcing & Staffing | Date: Thursday, 02 November 2017 | Hits: 88
Conclusion: CTOs need to balance natural technical strengths with traditional leadership skills such as strategic thinking and empathy with others to be initially recruited and then remain as successful CTOs. Observations: Successful CTOs are dedicated and naturally enjoy being in the weeds of technology. But they are required to raise their heads ...
Section: Content | Category: Sourcing & Staffing | Date: Monday, 03 July 2017 | Hits: 333
Conclusion: Staff remember how leaders behave and react during a crisis, rather than when the business is operating successfully. Astute leaders do not just deal with restoration and getting the business back on deck; they also support their staff during and after the crisis and can even create the potential for the organisation to be in a better state ...
Section: Content | Category: Governance & Planning | Date: Sunday, 01 January 2017 | Hits: 927
Conclusion: Bugcrowd, Hivint, Kasada, and Secure Code Warrior each has a proven capability to address an important aspect of the cyber defences of Australian organisations. The Australian Cyber Security Strategy, launched in April 2016, advocates the promotion of local capabilities where Australia can build globally competitive solutions. These four ...
Section: Content | Category: Security Leadership | Date: Sunday, 01 January 2017 | Hits: 579
Conclusion: There are two compelling information security reasons for creating a sense of purpose and ownership within an organisation. The first is that a sense of purpose and ownership will empower staff so that they move from responding to basic security hygiene matters, towards pre-empting issues. The second reason is so that organisations look ...
Section: Content | Category: Sourcing & Staffing | Date: Saturday, 03 October 2015 | Hits: 307
Conclusion: Organisations that do not treat information security risks seriously could pay a heavy price if a major incident occurs and they are unprepared to deal with it. Observations: In the last ten years the degree of interconnectedness through the Internet of organisations, their suppliers and customers and government, has increased dramatically. ...
Section: Content | Category: Security Leadership | Date: Wednesday, 28 July 2004 | Hits: 523
Conclusion: The latest Verizon Data Breach Investigation report (2011) continues many of the themes drawn out since its first publication in 2008. However, the DBIR is not a best practice guide on how to secure organisational data; it is an aggregation of cases where organisations failed to secure theirs. Consequently, the DBIR should be viewed as a ...
Section: Content | Category: Security Leadership | Date: Thursday, 26 May 2011 | Hits: 925
Conclusion: Security professionals are valuable not only for what they know, but also for how they think. However, this style of thinking can often result in them being alienated for “being too negative”. An alienated security professional is a waste of resources, so CIOs should adopt DeBono’s Six Thinking Hats, a thinking exercise based on role-play, ...
Section: Content | Category: Security Leadership | Date: Thursday, 24 June 2010 | Hits: 675
Conclusion: Despite the vendor and media hype around malware threats to the hypervisor, the biggest risk to IT departments from virtualisation is insufficient procedural controls. The risk stems from virtual machines being poorly managed, growing in number, and the consequent haemorrhage of money to support them. Virtual machines should be processed ...
Section: Content | Category: Security Leadership | Date: Thursday, 29 January 2009 | Hits: 591
Information security refers to the protection of sensitive company data and vital systems from external attacks, such as theft or destruction. Part one of this series explored how organisations can determine whether outsourcing information security to a Managed Security Service Provider (“MSSP”) would be the best way to identify, prevent and recover ...
Section: Content | Category: Sourcing & Staffing | Date: Wednesday, 31 December 2003 | Hits: 386
Conclusion: Non-IT executives are often reported as being concerned about the prospect of a cyber incident, but as security is not their area of expertise, responsibility for mitigation and preparation is often devolved to IT. This is a mistake, because as much as lack of any security could be devastating, applying the wrong controls to an organisation ...
Section: Content | Category: Governance & Planning | Date: Wednesday, 02 September 2015 | Hits: 517
Conclusion: Dedicated IT security people are too expensive for SMB organisations. The market trend is towards outsourcing security tasks, and the SMB market must embrace this. Large organisations (500+ people) should make internal security people the managers of internal security programs, and managers of the relationship with managed security service ...
Section: Content | Category: Security Leadership | Date: Saturday, 28 April 2007 | Hits: 515