“Well worth attending – I learnt a lot”
“This conference was excellent, you really nailed the speakers”
“Great range of speakers. Timely discussions relevant to us all”
“I thoroughly enjoyed the roadshow. It was relevant, valuable and great selection of great presenters. Keep up the great work, and I look forward to next year’s event.”
“One of the best 1 day IT security sessions I have attended- thanks for organising it ”
The business environment of the future will be different from the one we experience today. Boundaries between enterprises and people will dissolve, as everyone and everything is connected. Networks will become the major lever for commercial success or failure, as well as a battleground for criminals, soldiers and spies. Organisations have no choice but to embrace the risks and opportunities presented. But traditional methods of security management will fail to safeguard their intellectual assets. David’s talk will explore the trends and consequences associated with this paradigm shift, and set out a new doctrine for cyber security, with a focus on speed, intelligence and action: the blueprint for the security organisation.
Organisations roughly fall into one of two categories: those who are keen to adopt the Cloud option and those that are erring on the side of caution and using more traditional environments. However, early adopters are not always carrying out the same due diligence ‘testing’ that they would with other service providers discovering , sometimes too late that there data has slipped out of their control and into jurisdictions where there are now reciprocal arrangements with Australia. There are also assumptions that because the services provider is large, at least by reputation, their data is secured and will be accessible as and when it is required.
Surprisingly, it is not necessarily the small ‘mum and pop’ organisations that are getting caught out. Sometimes it is the large organisation with a reputation to protect and a market that sees them as ‘trusted’ that fall for the ‘they’re large and reputable’ so the data will be safe. This is not always the case!
This short presentation provides a brief view of the learnings for NBN Co in successfully establishing a PSPF compliant security programme. NBN Co has over an 18 month period, from a start point in which there was no security policy, guidelines, framework, architecture, or operational monitoring in place, established a fully compliant PSPF Framework. The first three months focused on delivering the strategies, plans, and policies. The next three months focused on establishing the current security posture, and resulted in registration of 152 security issues. This was followed by delivery of security solutions, remediation of issues, and identification and remediation of a further 246 issues. In January 2013, a PSPF Compliance Roadmap was created which detailed every component of the framework that was required to satisfy all 33 PSPF Requirements and a programme of work was undertaken to ensure that there was adequate evidence available to auditors for every requirements. Internal testing concluded in June 2013 that all requirements of the PSPF were in place and an external audit was conducted in July which confirmed this., NBN Co subsequently submitted its statement of PSPF compliance.
A Conference on Cyberspace was held in Seoul in October 2013, and at that conference a Framework for Cybersecurity was agreed by the 43 nations present. This brief presentation provides context for the Conference, covers the key highlights, describes the Seoul Framework, and explains the implications for Australia in adopting this framework.
“Looking at a model that can more efficiently, effectively and securely open government information resources to provide better services to the community and make better use of the governments own ICT resources. This is a hypothetical look at how security can both secure the assets that require securing and open the assets that can be shared. Based on credentialing, encryption, posture and several other factors.”