
Mike Mitchelmore


Mike Mitchelmore is an IBRS advisor specialising in the areas of ICT strategy, program and project management, ICT service delivery and telecommunications. Mike has more than 40 years of experience in the ICT industry, during which he has successfully led engagements in the design and deployment of global telecommunications networks and IT platforms, negotiated managed telecommunications services, introduced new capabilities for call centres and consolidated ICT systems to focus on service delivery for citizen-facing services. Mike has also assisted clients in ICT strategy, support planning, system design and architecture, and procurement strategies. Mike is a graduate of the Australian Army Command and Staff College, and the Royal Military College of Science (UK). He holds a degree in Social Science (human resource development), and graduate diplomas in Management Studies and Telecommunications Systems Management. Mike is a certified PRINCE 2 Practitioner and an ITIL (V2) Manager.

Conclusion: Telecommunications services and the supporting infrastructure have historically been complex, costly and difficult to change. The modern technology landscape now allows for greater flexibility in the design of networks, and the telecommunications services of voice, video and data they deliver.

The use of software defined networking (SDN), Cloud-based standard operating environments (SOE) with unified communications (UC) and Cloud-based call centre solutions are now mature, secure and commonplace in the market.

These changes, together with the significantly reduced cost of physical connectivity (lines and links), which are now viewed as a commodity, enable the telecommunications landscape to be agile to each organisation’s business needs and delivered at greatly reduced costs.




Conclusion: The Agency Head/CEO is responsible for accrediting the ICT system for use at the PROTECTED level. The accreditation process is specific to the services being delivered for the organisation. The Australian Signals Directorate (ASD) certification process is a generic process that assesses the Cloud Service Provider’s (CSP) level of security only.

The Agency Head/CEO remains responsible as the Accreditation Authority (AA) to accredit the security readiness for the services to be delivered for their organisation. In practice the CIO/CISO will lead the accreditation process on behalf of the CEO.

ASD’s role as the Certifying Authority (CA) for PROTECTED Cloud services provides the agency/organisation using the CSP with independent assurance that the services offered meet government Information Security Registered Assessors Program (IRAP) requirements and vulnerability assessment requirements at the PROTECTED level. The certification process provides a consistent approach to the cyber risk assessment of the CSP’s environment only. The PROTECTED Cloud certification does not cover security assessment related to the design and maintenance of the customers’ services and/or software to be run on the PROTECTED Cloud platform.

The adoption of a PROTECTED Cloud solution will still require a regular review of the security posture. ASD will conduct regular reviews of their processes as the certifying authority (CA), and the Agency Head/CEO will be required to regularly review the accreditation of the service as a whole.




Conclusion: What to monitor and how you respond to the data is often poorly documented and not fully understood until after a failure occurs. In this world of “no surprises”, effective monitoring is a key success factor. If an organisation’s ICT monitoring strategy is to be successful it must be structured around the organisation’s business outcomes. The monitoring strategy framework is achieved through the alignment of the organisation’s critical-business functions, the ICT high-level design, the ICT architecture and the priorities set out in the organisation’s disaster recovery plan (DRP) as the primary influencing factors.
Key to an effective DRP is a clear understanding of the system architecture and design, with sound knowledge of the risks and weaknesses it brings in support of critical business functions. When the ICT monitoring strategy is based on this framework it will deliver a near real-time health status of the organisation’s ICT environment, allow for planning future capacity, and assist in the investigation of incidents when they occur. An effective monitoring strategy will be business-focused and not monitoring for monitoring’s sake.




Conclusion: Cloud offerings are now commercially available, allowing CIOs to engage the technology offerings with a high degree of trust that the service is secure and responsive at reduced cost compared with in-house solutions.

CEOs have an obligation to ensure their organisation’s IT systems are cost-effective and meet the security accreditation defined by government (or their Board). PROTECTED Cloud services can reduce cost of operations and meet many of the CEO’s obligations for accreditation (and review) of services, and therefore better manage risk, to meet government and best practice commercial security requirements.

All PROTECTED Cloud data centres certified by ASD are physically located in Australia. Depending on your needs, they all meet Australian Government data sovereignty requirements and offer low latency and in-country technical support teams to assist clients. Provision of PROTECTED Cloud services allows the CIO to restructure IT, moving to a more agile and potentially lower cost option to provide the appropriate security approach.




Conclusion: CIOs should consider the environments for their PROTECTED information, both when building new capability and/or when renewing older infrastructure and services. The need to have cost-effective infrastructure services (in-house or IaaS), accredited security of services and responsiveness for clients using the service are three key deliverables for any CIO.

The Australian Government has identified that PROTECTED ratings be applied where systems and data are at risk and where the systems or data are critical to ensuring national interest, business continuity and integrity of an individual’s data. Critical business functions are a combination of the IT systems they run on and the data they consume.

Defining what should be afforded a PROTECTED rating and therefore adequately protected is an ongoing challenge. The Australian Government’s Information Security Manual (ISM) and recent legislation “Security of Critical Infrastructure Act 2018” detail the requirements and framework for reporting on government-run IT systems and critical infrastructure. Using this framework as a base, organisations should assess whether the data or IT environments that support critical business functions should be treated as PROTECTED.




Related Articles:

"Canberra-based Azure is about much more than security" IBRS, 2018-04-14 13:43:57

"On-Premises Cloud: Real flexibility or just a finance plan?" IBRS, 2017-05-06 06:37:20

"Running IT-as-a-Service Part 33: How to transition to hybrid Cloud" IBRS, 2017-08-02 02:32:44

