Jean-Baptiste Bres

Chief Information Security Officer

Is your cybersecurity training reaching the right people?

People's attitude toward security is probably the most important factor when it comes to ensuring a good security strategy is in place. Even with the right technical protections, if people do not act carefully, it is not going to work out! So awareness is key. And targeting the right audience is critical to ensure the right outcome. On that topic, ZDNet published an interesting article titled: Is your cybersecurity training reaching the right people?

💡 Conference Transcript: Building an Information Security Policy Framework

Article

Following my presentation on Building an Information Security Policy Framework at the "Implementing CPS 234" conference held in Sydney in May 2019, I received many requests to publish a transcript. Thank you all for your interest and for the large amount of feedback you shared with me. As promised, here is an augmented transcript of my presentation.

It covers an overview of what a Policy Framework is, and why it is an essential part of any Information Security program; the various existing frameworks used across the industry, their strengths and limitations; a methodology to create a flexible framework, supported by a risk assessment and a strong understanding of the assets owned by the institution and the threats they are exposed to; and an approach to define an adequate control set and how to prioritise its implementation.

Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003

Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017. Read more at http://bit.ly/2Xr3Kgv

💡 Creating a Secure Bring-Your-Own-Device Strategy

Article

The corporate reality is that there is growing interest from employees in using their personal devices for work. This can have a very positive impact on business (choosing which device is best for them, and when, empowers workers and makes them more productive), but it also raises many security concerns for the enterprise, especially around access, confidentiality of information, compliance, security and privacy.


The Bring-Your-Own-Device (BYOD) strategy defines how employees will be able to interact with corporate resources, which makes it a critical part of your journey toward BYOD. It sets out the capabilities your organisation offers to employees to use their personal laptops, smartphones or tablets for work.

To assist you in your journey, this article covers how to answer these questions and what options are available to you to create a secure BYOD strategy.

What the Marriott Breach Says About Security

Earlier this week, Marriott disclosed a four-year-long breach. It involved the personal and financial information of 500 million guests of some of its hotel properties.
What could have gone so wrong that such a breach remained unnoticed for so long? This great article shares some considerations around the security postures that companies take on, and why they work... or not.

💡 APRA CPS 234: Are you ready?

Article

The Australian Prudential Regulation Authority (APRA) just published the final version of the Prudential Standard CPS 234 (Information Security), which will be enforceable by 1 July 2019. Have you assessed your readiness? This article reviews the main expectations from the regulator and provides some guidance on how to ensure timely compliance.

Facebook Security Breach Exposes Accounts of 50 Million Users

Facebook is breached, putting 50 million users’ data at risk. Great time to ask yourself what data you are making available on the net, and what you would do if it ends up available to all because of a breach. Maybe it’s time to close your social network accounts that are not providing you any real value?

💡 Security 101 – Why is it not safe to share sensitive information by email?

Article

You are regularly being reminded by your security team that sharing sensitive information by email is not safe. But why? Well, good question. Here are some answers.

💡 Understanding Meltdown and Spectre

Article

As an executive or senior manager, what should I know and what should my company be doing about Meltdown and Spectre?
If you are not an IT Security specialist and you have been trying to understand what all the fuss is about, you are probably struggling to find articles that are not overly technical or too generic. Hopefully, this one will answer your questions.
