Security has always been a big deal, and recent events have brought it into sharp focus for many of us. I remember in the early 90s, implementing a secure system for Defence. We were so worried about data interception that we built the entire network using fibre - right up to the desktop.

Sadly, in the race to pile on security controls, sometimes the basics are overlooked. Take the recent Optus and Medibank breaches for example. Reports suggest that the former accidentally opened their test environment to the internet and used un-scrubbed customer data for testing. In the latter, user credentials were harvested to create two back doors through which data was obtained. Not knowing the full details of these incidents, it is difficult to draw conclusions. But from what we know, there are some take-aways.

Although VPDSS and AS/ISO 27001 compliance is important, in my experience it can give a false sense that all is OK. In my world, the Essential 8 is a great reference for reviewing what you have. ASD and the ACSC provide really clear and specific guidance on the basic security controls you must have in place. Also take a look at this to verify the level of controls you’ll need given the information you hold. You’ll notice that this Fed Govt advice is similar to that in the VPDSS, just with more detail.

Need a security policy based on ACSC and ASD advice? Check out the Fed’s Protective Security Policy Framework (PSPF).

Reach out if you want to know more about applying the Essential 8, the PSPF, or the treasure trove of security controls described in detail in the ISM.

And remember, just like in the 80s classic War Games, sometimes the most sophisticated attacks can be thwarted by the simplest of measures.

"A change in perspective is worth 80 IQ Points" 