Dr. Philip Nesci is an IBRS advisor specialising in digital strategy and transformation, Cloud strategy and analytics, cyber security and risk management and large scale program and project management. Philip has an extensive track record as a CIO and an Executive in global commercial organisations such as Shell, Orica and China Light and Power, where he has orchestrated and delivered major organisational transformations enabled by technology. More recently as CIO of Monash Health and the Australian Red Cross Blood Service, Philip has focused on the Health sector and in Government leading a number of programs which have significantly reshaped the customer experience and engagement, underpinned by cyber resilience. Philip’s approach to strategy development and implementation is achieved through strong leadership and extensive engagement with Boards and Executives. Philip’s blend of business and technology experience across a wide range of industries and enhanced by working extensively in Australia, Europe, Asia and the USA, provides him with unique understanding in successfully planning and executing digital strategies to reshape business.
Conclusion: With an ever-increasing number of cyber-related incidents, cyber security risk has evolved from a technical risk to a strategic enterprise risk. While many organisations have enterprise crisis management and business continuity plans, specific plans to deal with various types of cyberattacks are much less common, even though many of the attack scenarios are well known. Every organisation should have an incident response plan in place and should regularly review and test it. Having a plan in place can dramatically limit damage, improve recovery time and improve the resilience of your business.
- Security Leadership
02 April 2020
Conclusion: With cases of the novel coronavirus (COVID-19) emerging across Australia, many businesses are or should bewell into pandemic planning to ensure they maintain essential services. Teleworking, remote working, or working from home, is a centrepiece of those efforts and will increasingly be implemented by organisations. Cybercrime activity is rising rapidly with actors seeking to exploit the fear and uncertainty in the community. The use of remote working technologies presents additional cyber security challenges that can be different from the more secure on-premise environments. Below is a list of considerations to help guide businesses through these challenges.
- Security Leadership
02 April 2020
Conclusion: Covid-19 has already had severe global impacts even though the total impact is yet to be fully dimensioned. Further restrictions are foreseen in Australia. Its implications will be long term and disrupt the way we conduct business in future and the way we interact socially and a ‘new normal’ will emerge. No business will be immune and during this dislocation both challenges and opportunities will arise.
At IBRS we believe that it is critical to take the long view on how the crisis will evolve and be prepared for the waves of change which will follow.
- Governance & Planning
01 April 2020
Conclusion: Cyber security is now one of the top priorities in many organisations. With an ever-increasing number of cyber-related incidents, cyber security risk has evolved from a technical risk to being regarded as a strategic enterprise risk. The role of the Chief Information Security Officer (CISO) has traditionally required strong technology skills to protect the organisation from security incidents. With boards and executives now requiring executive-level cyber leadership and accountability, the role of the CISO must evolve beyond the traditional technology domain to also encompass strategy, stewardship and compliance as well as being a trusted business advisor.
- Sourcing & Staffing
08 March 2020
Conclusion: Cyber security and data privacy are currently hot topics at both executive and board levels and security incidents feature in the media on an almost weekly basis. CIOs and executive teams will face increasing scrutiny from their boards with a focus on accountability, risk assessment, reporting and organisational resilience to cyber incidents. Boards are genuinely grappling with how to assess risks and how to ensure that the organisation is sufficiently well prepared to protect and respond appropriately to security incidents, within budget and resource constraints. CIOs and CISOs have a unique opportunity to engage with boards and provide the leadership that is expected, as the move to digital accelerates. In this note we highlight the recent trends and outline some of the key recommendations to practical steps to strengthen your organisation’s ability to protect itself holistically from cyber and data loss risks.
- Security Leadership
06 February 2020
Conclusion: Cloud services have now been around for over a decade and since that time many of the services available have evolved in both scope and maturity. Most organisations now have a range of services in the Cloud and many have adopted a ‘Cloud first’ strategy for new solutions to business problems. However, this reactive approach runs the risk of not leveraging the full potential of Cloud services and creating fragmented infrastructure and applications which inhibit the rapid response to business problems and increase costs in the longer term. What is required is a deliberate strategy which maps out the transition to Cloud at infrastructure, platform and application levels and is integrated with enterprise IT. Given the scale, scope and risks of the strategy, executive and board alignment is critical as is the implementation of appropriate governance.
- As a Service
09 January 2020