Workplace Innovation

  • Reporting cyber security to the board

    Conclusion: Cyber threats and incidents will continue to be covered in the mainstream media, and local organisations will increasingly become part of this coverage. Not only may these stories get reported more frequently and in more depth, but local board members will become increasingly aware of what the technical aspects around cyber security mean. Reporting to the board is a blend of what the board – the people tasked with ensuring that the organisation is dealing responsibly with its risks – thinks is important with what the CIO and their team consider to be important. Finding the balance of information to report is important, and will be a continually evolving discussion between cyber security leaders and their boards.

  • GDPR – A European standard impacting Australian organisations

    Conclusion: Australian organisations and agencies need to embrace the European Union’s new General Data Protection Regulation (GDPR) legal framework for protecting and managing Private Individuals Information (PII). Organisations that do not take action to comply face considerable risk, both financially and to their brands.

    There are also potential upsides in embracing the requirements and being able to demonstrate compliance with the accountability principles, and implementing both technical and organisational measures that ensure all processing activities comply with the GDPR.

    Whilst Australian companies may already have practices in place that comply with the Australian Privacy Act 1988, GDPR has a number of additional requirements, including the potential appointment of “data protection officers”. Action should already be taking place, and organisations should not underestimate the time and effort it may take to reach and maintain compliance.

  • Community Clouds – better together?

    Conclusion: Community Clouds can provide the expected value of using “Cloud”-based services in a shared environment that may be more economical than a closed private Cloud or privately owned and managed IT solutions. But economics may not be the driving factor. Identifying a common “customer” need or client base can be the main driver to getting similar organisations to agree to use shared resources or services.

    The effort in getting organisations to recognise the opportunity to work together and to actually implement a community Cloud should not be underestimated. As in arranging car pooling, whilst the benefits may be clear, there is still the challenge of finding the other participants who all want to go to the same place, at the same time, and with agreed cost sharing. A “lead” organisation is necessary to help coordinate the required effort to create a Community Cloud.

  • IBRS Security Leadership MAP

    • Gain valuable insights into how security leaders are positioning cyber-security and risk within their organisations
    • Be able to self-assess how your organisation measures up on the IBRS capability maturity model for security leadership
    • Learn how to position cyber-security so that it is aligned to business priorities 

    "This Master Advisory Presentation is designed to guide and stimulate discussion between business and technology groups, and point the way for more detailed activity. It also provides links to further reading to support these follow-up activities." James Turner, Author of the Security Leadership MAP.

    For a deeper understanding of how security impacts the way business is done, download your copy now. 

  • Network Virtualisation – Security drives adoption

    Conclusion: The introduction of Software Defined Networking (SDN) offerings touted a number of benefits around simpler and more agile network management and provisioning, lowering capital and operational costs.

  • Preparation for ransomware requires a conversation on business ethics


    Business leaders must accept that ransomware attacks are a foreseeable risk. 

    Conclusion: Ransomware has proven such a successful cash cow for criminals that it is unlikely they will voluntarily stop their attacks. This means that business leaders must accept that further ransomware attacks are a foreseeable risk. While there are important conversations around the level of appropriate technical controls that an organisation may wish to implement, this conversation can only occur after business leaders have decided whether they want their organisation to help fund organised crime, or not. For organisations with a strong corporate social responsibility ethos, this is a very easy decision to make, but it is imperative that business leaders understand why they are committing to better technical hygiene and accepting tighter technical controls.

  • Lessons from security analytics projects

    Conclusion: Big data and analytics projects can learn important lessons from the domain of information security analytics platforms. Two critical factors to consider when planning deployment of an analytics platform are the need for a clear business objective, and the depth and duration of organisational commitment required. Without a clear understanding of the objective of the analytics project, or adequate resource commitment, the project will likely fail to deliver on expectations. The worst outcome is that inadequate investment in people could result in an organisation drawing incorrect conclusions from the analytics platform.

  • An excellent resource for your IT security strategy

    Conclusion: Despite the apparent value of the DSD’s Top 35 Mitigation Strategies report, organisations considering executing its recommendations will have to weigh up the business impact of implementation. In some instances, a mitigation strategy may be too intrusive on business operations. For some, the cost of ongoing support may be too high. However, the most significant barrier will be communicating risk to the business, and the need for a given strategy (particularly the more intrusive ones!). To realise the benefits of this resource in improving an organisation’s security posture, the report will need to be translated into business impact in order to gain executive buy-in.