Cyber and Information Security
What we do
- ISO 27001 Implementation planning
- Queensland IS18 Implementation and Strategy
- Queensland Government Information Security Classification Framework (QGISCF) implementation
- ISM and Essential 8
- Cyber exercise development and testing
- Reviews and audits against published standards
- Analysis of projects and organisations against information security best practice
- Computer Incident Response Team development (CSIRT/CERT)
- Cybersecurity strategic posture assessment
- Cloud security strategy
- Executive spear-phishing avoidance training
There is no perfect Cybersecurity
There is only perfect cybersecurity for your organisation.
That’s where Cybersecurity Governance, Risk and Compliance come in.
Sure, your organisation could turn off all the computers, barricade the doors and put guards out, not letting anybody in, even staff. But it wouldn’t be in business long, because it wouldn’t be fulfilling its purpose.
An oldie but a goodie – BBC Yes Minister – The hospital without patients
Security is always a balancing of risks
Security is always a tradeoff between confidentiality of information, integrity and also availability. These three objectives are in constant tension. If you have too much information availability, you might compromise confidentiality. Too much information confidentiality, you might compromise integrity. It’s like a three legged chair that’s always wobbly because one or other of the legs is too short or too long.
These tradeoffs lead to risks, both positive and negative.
- A website with lots of functionality and utility can have more vulnerability from attackers.
- A network that is cut off from the Internet is protected from external attack.
Making decisions about what risks and tradeoffs an organisation wants and needs to accept sits with the executive. They own the risk. Our team at Resilience Outcomes can help your organisation decide how best to navigate this complex area of governance, risk and compliance.
You can read posts related to cybersecurity and technology here, or click Cybersecurity posts on the tab above.