Cyber & Risk

Understanding cyber security has never been as critical as it is today. 

The importance of having cyber security and risk mitigation strategies is now well-embedded in the corporate conscience, with more and more senior executives required to know their exact security posture and how to respond in the event of an incident.

In a complex world where new threat vectors appear almost daily, organisations must be ready. How well prepared are you? 

IBRS can help organisations understand how resilient their systems are, develop incident response plans and get the right policies in place to ensure compliance with the most rigorous of security standards. 

Conclusion: Microsoft’s new BitLocker feature, available in select versions of Vista, offers easy access to ‘whole disk’ encryption, which benefits several areas including identity management, data security, and asset management.

While BitLocker is a workable and well-integrated security feature, it is not a complete solution to data protection requirements. Whole disk encryption products have limitations and must be viewed as a part of a wider security initiative.

BitLocker’s benefits and limitations must be evaluated and factored into Vista migration plans, especially for organisations looking towards virtualisation and mobility.

Conclusion: Dedicated IT security people are too expensive for SMB organisations. The market trend is towards outsourcing security tasks, and the SMB market must embrace this. Large organisations (500+ people) should make internal security people the managers of internal security programs, and managers of the relationship with managed security service providers (MSSPs) and outsourcers. Security is an operational responsibility which should be shared by everybody in an organisation.

Conclusion: Effective and responsible management of IT security should concern executives at the highest levels of management. Leading practice suggests, but does not mandate, separation of the IT security function from the IT management function. One of the ways that this can be achieved is with the appointment of a Chief Information Security Officer (CISO) with total accountability for all IT security matters within the organisation. A pro forma Position Description for the CISO role is provided herein.

Conclusion: Last month I wrote advising IT practitioners to learn the language of risk management, particularly in the context of ANZ/NZS 4360:2004. The article also contained advice to ensure that IT has a place at the decision-making table when considering the implementation of corporate risk management software.

An assumption was made in the article that in your organisation some corporate risk management initiatives were already under consideration. However, suppose this is not the case. How can the IT practitioner pitch a case for an Enterprise Risk Management (ERM) project as a strategic system? This article provides a guide for doing so, allowing the IT practitioner to assert leadership in a burgeoning area of corporate practice.

IS organisations try to curb rising client systems support costs by implementing a desktop "lockdown" or Standard Operating Environment (SOE). However, if they do not give enough attention to the process and planning required to lock down their desktops, the project will fail because of political and cultural problems, and because lockdown may prevent users from doing their jobs efficiently.

Conclusion: In business and government, the subject of risk continues to be a hot topic. It’s covered regularly by the commerce and technology-oriented sections of the media and is increasingly being discussed and actioned at Board and executive levels. Because of the corporate appetite for risk methodologies and tools, a burgeoning IT industry has developed providing risk management software.

Conclusion: Organisations that do not treat information security risks seriously could pay a heavy price if a major incident occurs and they are unprepared to deal with it.  

In April new Federal anti-spam legislation will ban local spammers from operating; otherwise they could face penalties of over a million Australian dollars a day. According to the Coalition Against Unsolicited Bulk E-mail, the purpose of putting this legislation in place is to stop spammers, and make Australia appear credible when looking to other countries to adopt the same type of law.

Changing business processes and systems to comply with legislative requirements is a major hidden cost in the public and private sector. Ironically, it is also one of the least referenced in the research literature.

SPAM is a terrible problem: it cuts productivity, threatens security, offends the morals of millions, plants doubt in the most macho man, and simply irritates anyone with email. 2003 has seen many headlines about SPAM and how companies and governments are going to tackle it head on.

We touched briefly last month on our approach to security and its role in protecting the network from external attack. It is equally essential that clearly stated network policies and procedures, both for internal users and for other external stakeholders on projects who require network access, be rigorously applied. Our policies are visibly endorsed by the Chief Executive Officer and published on the company Intranet. They are designed to protect the enterprise by ensuring that the data on the network is appropriate to the business, that network performance is not compromised in any way, and that the possibilities of virus infection are minimised.
