Security has always been a big deal, and recent events have brought it into sharp focus for many of us. I remember, in the early 90s, implementing a secure system for Defence. We were so worried about data interception that we built the entire network using fibre – right up to the desktop. Sadly, in the race to pile on security controls, sometimes the basics are overlooked. Take the recent Optus and Medibank breaches for example. Reports suggest that the former accidentally opened their test environment to the internet and used un-scrubbed customer data for testing. In the latter, user credentials were harvested to create two back doors through which data was obtained. Not knowing the full details of these incidents, it is difficult to draw conclusions. But from what we know, there are some take-aways.
Although VPDSS and AS/ISO 27001 compliance is important, in my experience it can give a false sense that all is ok. In my world, the Essential 8 is a great reference for reviewing what you have. ASD and the ACSC provide really clear and specific guidance on the basic security controls you must have in place. Also take a look at this to verify the level of controls you’ll need given the information you hold. You’ll notice that this Fed Govt advice is similar to that in the VPDSS, just with more detail.
Need a security policy based on ACSC and ASD advice? Check out the Fed’s Protective Security Policy Framework (PSPF).
And remember, just like in the 80s classic WarGames, sometimes the most sophisticated attacks can be thwarted by the simplest of measures.
Across the Industry
Digital ministers in Australia collaborate on a national identity resilience strategy to protect data
Breach and Attack Tool (BAT) developed to extinguish fires at sea by Sydney maritime firefighters
New low code platform Budibase allows users to develop apps from external data sources in minutes
Understanding the difference between digital transformation and optimisation for businesses
Recent Government Tenders
Barwon Water: EOI Business Process and Digital Transformation Delivery Partner (VendorPanel)
The Department of Transport: Public Transport Ticketing Project, Independent Certifier Services (VendorPanel)
Department of Premier and Cabinet Tasmania: eCabinet System (Tasmanian Government Tenders)
East Gippsland Shire Council: Electronic Document and Records Management Solution (TenderLink)