People attitude toward security is probably the most important factor when it comes to ensure a good Security strategy is in place. Even with the right technical protections, if people do not act carefully, it is not going to work out! So awareness is key. And targeting the right audience is critical to ensure the right outcome. On that topic, ZDNet published an interesting article titled: Is your cybersecurity training reaching the right people?

An interesting read about how using pen and paper helps you to take better notes than using a computer: Want to Take Better Notes? Ditch the Laptop for a Pen and Paper, Says Science

I personally always struggled taking notes on a computer and have been a fierce user of notebooks (especially since I discovered reusable ones). Well now I will have an even better excuse to continue doing so 😄

Following my presentation on Building an Information Security Policy Framework at the "Implementing CPS 234" conference held in Sydney in May 2019, I received many requests to publish a transcript. Thank you all for your interest and for the large amount of feedback you shared with me. As promised, here is an augmented transcript of my presentation.

It covers an overview of what a Policy Framework is, and why it is an essential part of any Information Security program; the various existing frameworks used across the industry, their strengths and limitations; a methodology to create a flexible framework, supported by a risk assessment and a strong understanding of the assets owned by the institution and the threats they are exposed to; and an approach to define an adequate control set and how to prioritise its implementation. Read More…

Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017. Read more at http://bit.ly/2Xr3Kgv

No, “humble narcissism” is not an oxymoron; it’s a combination of qualities that the best leaders and companies have. Organizational psychologist Adam Grant explains why in this interesting TED article.

First State Super has fully integrated its financial advice business, StatePlus.

In a move aimed at making financial advice accessible for all its members, the $70 billion fund has brought its financial advice business StatePlus in-house. Read more at http://bit.ly/2XqxFFu

Corporate reality is that there is a growing interest from employees to use their personal devices for work. This can have a very positive impact on business – choosing which device is best for them and when, empowers workers and makes them more productive – but it also raises many security concerns for the enterprise – especially around access, confidentiality of information, compliance, security and privacy.

In order to define how employees will be able to interact with the corporate resources, the Bring-Your-Own-Device (BYOD) strategy is a critical part of your journey toward BYOD. It is there to define the capabilities your organisation offers to employees to use their personal laptops, smartphones or tablets for work.

To assist you in your journey, this article covers how to answer these questions and what are the options available for you in order to create a secure BYOD strategy.

Read More…

As I have recently been working on a new Data Strategy, taking into consideration how Artificial Intelligence (AI) can help us to provide better insights and advises to our customers, it is also the right time to consider the risks associated to such technology. I'm not talking about 🤖 Skynet taking over the world 😉 but how, if not well use, AI can reinforce human bias instead of helping us being better advisors!

Here is a great talk from Kriti Sharma @ TED on how to keep human bias out of AI.

I am very proud and excited to be one of the key speakers at the "Implementing CPS 234" conference on 3rd May in Sydney.

I will be talking on how to build an information security policy framework that is agile to changing threats.

More than ever, financial institutions in Australia and New Zealand are moving toward public cloud computing as a way to benefit from easy to use, flexible, cost effective and reliable infrastructures and services. Despite its substantial benefits, cloud computing also creates a complex new environment for financial institutions to navigate. Regulators in Australia and New Zealand are evolving their requirements and guidelines. It results in a growing expectation that financial institutions have a robust governance over their outsourcing process and ensure a high level of oversight of their cloud service providers. This article discusses the regulatory requirements around usage of Cloud Services in Australia and New Zealand and how to satisfy them. Read More…