Cyber and Information
Good cybersecurity is designed to work in concert with an organisation’s information security strategy and its broader organisational risk envelope.
Your people are both your best defence against cyber attack and your greatest weakness.
Whether an information security event is just a blip or causes lasting damage is determined not at the moment the event is discovered, but by how prepared the organisation is to respond.
This is resilience.
There are many constraints on security in organisations.
- There is no silver bullet
- Not all controls are technical
- Budgets aren’t growing at the same rate as threats
- Not everything can be protected to the same level
- You can’t avoid all risk to the organisation without stopping what it is doing
- Your organisation needs to develop ways to prevent, detect and respond to the threats that it faces
- Developing relationships with stakeholders is an important step
The vast majority of organisations in Australia today will no longer be around in 25 years.
Indications are that the average lifespan of companies is getting shorter as the pace of change speeds up. It is not just SMEs, but big companies too.
Good governance helps organisations navigate risk. This is true for those in the government, private and not-for-profit sectors.
Identity and privacy
Security is a CEO and leadership responsibility.
Security risk management and governance must be embedded in organisational management processes.
Transparency of an organisation’s security risk and remediation is essential to ongoing improvement.
Security threat and incident information needs to be proactively shared with trusted partners to help strengthen supply chain defences.