Other similar profiles
Explore more posts
-
Global Risk Consulting (GRC) Group
GRC Group presented a "Whanau-Centric Security Model" (WCSM) to NZ Institute of Intelligence Professionals (NZIIP) network this week. As a collector and distributor of intelligence (through deep and covert reconnaissance) in a previous Military life, we can now adapt, refine, proven practices in the private sector using evidence based data and analysis. Within the intelligence gathering and analysis setting, we deploy complex tech-systems that help bring the problem piece (through metrics) to life and can bolt on agile risks/threats as they materialise in any given security operating environment, keeping the system and thinking agile. Our WCSM approach is built on a wonderful, strong and unique cultural foundation: 1. Whanaungatanga - security entities charged with security responsibilities 2. Kotahitanga - all working together for a common purpose against a universal threat 3. Manaakitanga - mutually supporting one another in that endeavor to minimise the risk(s) 4. Kaitiakitanga - the care and protection of people, assets and information
-
National Cyber Security Centre
🚨 Today, the NCSC and partners from seven other countries have issued a joint advisory about evolving threat activity by APT40 and other China state-sponsored cyber actors: https://lnkd.in/e4qnD7Pj APT40 has embraced the trend in using compromised small-office and home-office devices to launch attacks and have been seen targeting Australian networks. These techniques pose a threat to networks globally. Defenders are encouraged to follow the latest advice to help detect and mitigate this malicious activity.
2 Comments -
FBI Cyber Division
The #FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) have released a “Secure by Design” guide to establishing a safe software deployment program. Developers should ensure code and configuration changes pass through a series of well-defined phases, supported by robust testing. This #CybersecurityAwarenessMonth, learn how software manufacturers can ensure reliability for customers: https://lnkd.in/eTZe_HVE
6 Comments -
Sustainabil.IT
Have you read the ASD's 2023 Cyber Threat Report? If so how have you addressed the threats that face your business? These sorts of reports give excellent insight into the realities of cyber crime in Australia. If you want to want some advice on things your organisation can do to mitigate risks using Threat Informed Defence, please feel free to contact us today.
-
Phronesis Security
Last week, the Australian Signals Directorate (via the ACSC) released its highly-anticipated six “Principles of Operational Technology Cyber Security”. Like the Essential Eight for IT systems, this publication intends to set out a common list of critical controls that should be in place for all OT systems - endorsed by comparable organisations from the US, UK, Canada, New Zealand, Germany, Netherlands, Japan, and Republic of Korea. Over the coming weeks, Phronesis Security will provide guidance on addressing each Principle, based on our experience securing organisations with challenging OT environments. Arguably, the most critical is the first: ‘Safety is paramount’. OT systems have a complex attack landscape, comprised of lots of peripheral technology – often known as the “low hanging fruit”. These are increasingly targeted by both nation-state actors who may seek to disrupt critical infrastructure and opportunistic cybercriminals for financial gain, notoriety or reputational damage. In our experience, the following key considerations must be met to ensure safety is paramount: • When security controls fail, safety must be prioritised. Just how a locked door provides no security if it is a fire that prevents it from opening, a firewall failure that stops a SCADA system from sending a stop signal to a PLC can be dangerous. • Testing controls regularly is crucial to ensure they fail in a manner that upholds safety and minimise risks in critical situations. • Redundancy must be thoroughly built into safety-critical systems, including sensors and other essential components, to ensure continuous safe operation. • Manual procedures that take over when automated systems fail must be tested regularly, and employees should be well-trained to safely execute these processes. • Auditing and maintaining system integrity is vital in safety-critical environments. If an adversary can tamper with the system undetected, it could lead to severe safety issues. To ensure you’re designing your security controls to preference safety above all else, these are the key questions to ask: • Do we know what happens when our security controls within our Operational Technology environment fail and do they fail safely? • Do we consider the impact to safety in risks to our Operational Technology systems? • Do we have ways of detecting when an adversary makes changes within our environment? For example, an unauthorised change to a PLC. You can learn more about the Principles at the ACSC’s website here: https://lnkd.in/g652RGhx #infosec #resilience #OT #otsecurity #operationaltechnology #criticalinfrastructure #SOCIAct #SLACIPAct #cyber #techjobs #cybersecurity #phronesis
-
Australian Institute of Insider Threats
I frequently receive questions like, "Where can I find more books about insider threats?" To help, I’ve started compiling a list of relevant books, and you can find them on the Australian Institute of Insider Threats - https://lnkd.in/gM-3hsPz If you think that I have missed a book that should be on the list, please let me know. #insiderthreats #riskmanagement #governance #compliance #espionage #counterintelligence #fraud #humanbehaviour
-
Naked Insider - Insider Threats & Data Security
Looking to find topical books on insider threats? I have created a list of around 28 books for your perusal published on the Australian Institute of Insider Threats. Let me know if I missed any? #toxicworkplace #employeeengagement #securitybooks #insiderrisk
-
ITEGRITI Corporation
Today, the National Security Agency’s Artificial Intelligence Security Center (NSA AISC) published the joint Cybersecurity Information Sheet Deploying AI Systems Securely in collaboration with CISA, the Federal Bureau of Investigation (FBI), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), and the United Kingdom’s National Cyber Security Centre (NCSC-UK). The guidance provides best practices for deploying and operating externally developed artificial intelligence (AI) systems and aims to: -Improve the confidentiality, integrity, and availability of AI systems. -Ensure there are appropriate mitigations for known vulnerabilities in AI systems. -Provide methodologies and controls to protect, detect, and respond to malicious activity against AI systems and related data and services. CISA encourages organizations deploying and operating externally developed AI systems to review and apply this guidance as applicable. CISA also encourages organizations to review previously published joint guidance on securing AI systems: Guidelines for secure AI system development and Engaging with Artificial Intelligence. For more CISA information and guidance on securing AI systems, see cisa.gov/ai. #cybersecuirty #ai TLP: CLEAR
-
Sekura.ai
🔐 Australia's Assistance and Access Act could compel tech companies to break encryption, raising global privacy concerns. ASIO's head, Mike Burgess, suggests that lawful access doesn't mean creating backdoors but rather secure methods for targeted investigations. Critics argue this undermines encryption's integrity and could create a "nerd harder" scenario for tech firms. Will companies like Apple and WhatsApp be forced to compromise user security for "targeted actions"? The debate continues. #Encryption #Privacy #CyberSecurity #AustraliaLaw #TechPolicy 👉 What are your thoughts on balancing national security with digital privacy? https://lnkd.in/gsZpWVw3
-
AKYLADE
What are people saying about AKYLADE certifications? "Both exams were great, and A/CRMP definitely more nuanced than A/CRMF as expected. NIST knowledge is also required for a lot of roles in Australia (and heavily referenced by some of the standards here) so it's great to have a purpose-built certification path available." - Chris Collins, MCyberSec | Cybersecurity Risk & Governance | Software and Network Security November 26, 2024 AKYLADE Cyber Risk Management Foundation (A/CRMF) AKYLADE Cyber Risk Management Practitioner (A/CRMP) #CyberSecurity #Infosec #Certification #CareerGrowth #akylade #RiskManagement
-
Siege Cyber
Cybersecurity is a non-negotiable aspect of doing business in the modern world – and for Australian businesses, the Australian Signals Directorate (ASD) Essential 8 framework is a benchmark for best practices in cyber defence. Yet there remains confusion over whether adherence to this protocol is a recommendation or a regulatory must. This post sets out to clarify the status of the ASD Essential 8 for Australian businesses and compliance professionals, detailing why and how to integrate these practices into your cybersecurity strategy. Siege Cyber is an Australian-owned and operated cyber security company focusing on cyber security services. Our goal is to help our customers secure their organisation. www.siegecyber.com.au [email protected] #asdessential8 #mandatoryinaustralia #ciso #cybersecurity
-
Interactive Security Training
PRC State-Sponsored Group, APT 40: The Cybersecurity and Infrastructure Security Agency (CISA) has collaborated with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) to release an advisory outlining a People’s Republic of China (PRC) state-sponsored cyber threat group’s activity. The following organizations also collaborated with ASD’s ACSC on the guidance: The National Security Agency (NSA) The Federal Bureau of … Continue reading PRC State-Sponsored Group, APT 40
-
Startup Gladstone Inc.
The Annual Cyber Threat Report 2022–23 developed by the Australian Signals Directorate (ASD). As the Defence Strategic Review made clear, in the post-Second World War period Australia was protected by its geography and the limited ability of other nations in the region to project combat power. In the current strategic era, Australia’s geographic advantages have been eroded as more countries have enhanced their ability to project combat power across greater ranges, including through the rapid development of cyber capabilities. Australia’s region, the Indo-Pacific, is also now seeing growing competition on multiple levels – economic, military, strategic and diplomatic – framed by competing values and narratives. #followers Kiran Kewalramani (GAICD) https://lnkd.in/gaMHfHFU
-
Windstil Group
New Cyber security Bill 2024 for Australia that you should review... New Cybersecurity Legislation for Australia that you should review. Windstil has been following the progress of the proposed Australia Governments Cyber Security Bill 2024 that aims to introduced new legislation focused on enhancing cybersecurity across the broader economy. It’s touted as Australia’s first standalone cybersecurity act. This Bill has now been introduced to parliament. We recommend our customers review the new bill as key elements include mandatory reporting for certain businesses on ransomware payments and a range of other measures business will need to adapt to. You can find a complete breakdown of the Cyber Security Bill 2024 here https://lnkd.in/gvsBRjuB For small and medium business there is going to be increased compliance overhead to adopt a sound cyber security posture across their operations. We understands cyber security can be a daunting topic for many businesses, but we’re here to help. Our Cyber Security Team have developed a cost effective and proven program to implement the Australian Cyber Security Centres (ACSC) Essential Eight framework. We provide an initial analysis of your IT environment, develop a plan and implement the recommended Essential Eight security controls and even develop IT security policies, incident response plans and IT disaster recovery plans for our cyber security customers. Importantly our program is highly cost effective and accessible for small business. It enables our customers to confidently demonstrate to their stakeholders that they are cybersecurity aware, and safe to do business with. For more information please visit our website https://lnkd.in/gnv_ibjz or just give us call on 1300 01 99 88.
1 Comment -
IT Partners
#BreachInsights 🔎 New Zealand Stock Exchange - Distributed Denial of Service (DDoS) attacks. In March and April 2020, the New Zealand Stock Exchange (NZX) was hit by several DDoS attacks. The severity of these attacks was unlike anything seen before, forcing the exchange to shut down. ❔ What is a DDoS, and what happened in the New Zealand Stock Exchange attacks? A Distributed Denial of Service (DDoS) attack occurs when an attacker floods a website, server, or network with excessive traffic, overwhelming the system and thus blocking legitimate users from accessing the service. In NZX’s case, the website had been overwhelmed by malicious offshore digital traffic, slowing it down so much that the exchange could not make any market announcements required by financial regulators. This forced NZX to stop any trading. The attack review revealed that an attack of this scale was predictable and should have been prepared for. NZX lacked tools and practices for handling increasing trading volumes and was aware of limitations in its core processing systems. Furthermore, the attacks highlighted the shortcomings in NZX's crisis management procedures, i.e. relying on a single, unprotected method for market announcements with minimal contingency planning in place. Lessons Learned: ⚫ Businesses need to ensure they have adequate technology capabilities and trained staff. Regular assessments of systems and processes are essential to identify and address weaknesses before they lead to significant issues. ⚫ Businesses should adopt essential tools and best practices to handle growth effectively. This includes investing in scalable systems that can accommodate increasing demand and proactively addressing known infrastructure limitations. ⚫ Businesses should create contingency plans for critical operations. Additionally, prioritising security practices is crucial for safeguarding against potential threats and ensuring effective crisis management. Read the full article in the comments section 👇 #ITPartners #Cybersecurity #TechNews #SecurityFlaws #CyberAwareness #CyberDefense
1 Comment -
Metacurity - The Solution to Infosec News Overload
A joint report by the Australian Signals Directorate, its Five Eyes nation partners, and other countries, including Japan, accused the Chinese state-backed hacker group APT40 of stealing passwords and usernames from two unnamed Australian networks in 2022 and added that the group remained a threat. Don't miss today's Metacurity for more on this development and other top infosec news you should know, including --Microsoft bans Android devices in China, --New CloudSorcerer group abuses public cloud for Russian espionage, --Avast releases decryptor for DoNex ransomware, --Apple removes 25 VPN apps from Russian app store, --Roblox conference attendees exposed in data breach, --Scalpers fake Ticketmaster tix, --much more #apt40 #microsoft #china #androiddevices #cloudsorcerer #donexransomware #russia #vpns #roblox #scalpers #ticketmaster #hackers #databreach #ransomware #infosec #cybersecurity https://lnkd.in/e6GRfftd
-
Australian Financial Crimes Exchange
With cyber attacks increasingly affecting both Australia and New Zealand, there have been calls to strengthen our joint defense. Why It Matters: 🔹 Unified Effort: Avoid the complexity of separate national reviews, benefiting the industry with a single, cohesive approach. 🔹 Proven Models: Build on the success of trans-Tasman institutions like the ANZCTC. 🔹 Regional Impact: Strengthen the Pacific Cyber Security Operational Network (PaCSON) with joint updates and recommendations. Prime Ministers Chris Hipkins and Anthony Albanese have emphasised the importance of working together on cybersecurity. By formalising our collaboration, we can better protect our nations and lead the way in cyber defense. Read more: https://hubs.la/Q02H1Zw60 #CyberSecurity #TransTasman #AFCX
1 Comment -
Signal Corporation Limited
Global Feed featured on TechDay New Zealand: "Our business environment is increasingly impacted by environmental events and threat actors, from state groups and cyber criminals to the effects of civil disruption. Monitoring and responding to these threats is increasingly important not just for security professionals, but for C-suite leaders concerned about risk mitigation and business continuity for the whole organisation." #cybersecurity #osint #riskmanagement #threatmonitoring #AI https://lnkd.in/g_w8q45K
1 Comment
Explore collaborative articles
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
Explore MoreOthers named Claire C. in Australia
-
Claire C
-
Claire C
Administrator at Australian Quarter Horse Association
-
claire C
Monash
-
Claire C
Administrator at Department of Justice (Tasmania)
-
Claire C
--
12 others named Claire C. in Australia are on LinkedIn
See others named Claire C.