AMP, Commonwealth Bank choose homegrown security

DIY security framework removes jargon from security/audit standards to create better reports for business

IT security policy model

IT security policy model

O'Driscoll admits receiving industry flak about “trivialising” security but says it did not change his attitude — namely that “technical jargon should not leave the confines of IT”.

“My job is done when people take security seriously because they understand why, not because they have to,” O'Driscoll said.

O'Driscoll claims his big challenge was to achieve a balance between providing business departments with enough information to make decisions, but keep things straightforward and clear enough to have meaning to non-IT users.

“The CEO and audit want transparency with IT, and I want both [of them] off my back, so simplicity works.”

AMP and the Commonwealth Bank now both use employ a “colour tag” using green, orange and red to identification and grade security zones, access and devices based on potential risk.

O'Driscoll said AMP’s security shop is now busy shifting responsibility and risk back to business owners as much as possible. O'Driscoll said this forces business units to re-evaluate their needs and reduce risks within projects. “When they understood we weren't just going to rubber-stamp everything they put a lot more work into what they gave us,” he said.

O'Driscoll said Australia is increasingly becoming a target for hackers and online fraudsters, who see the country as a “softer” target compared to the United States and its hard-line disclosure laws.

“Compliance doesn't mean you're safe,” he said. “You can have lousy security and still be compliant.”

O'Driscoll was speaking at the ISACA Oceania CACS2008 conference in Sydney this week.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags commonwealth bankamp

More about AMPCherryCommonwealth Bank of AustraliaISOLogicalWikipedia

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Darren Pauli

Latest Videos

More videos

Blog Posts