May 17th, 2018

Guidance Note: 5 Practical tips for GDPR Compliance

Top 5 Tips for GDPR Compliance: Make sure key staff understand what it’s about and what they need to do. Know your data: Identify what information you’ve got and decide if it’s personal data (PD). Develop a data flow map for each group of PD, record...

May 10th, 2018

One big reason why the EU General Data Protection Regulation could affect your business

I recently participated in a debate, speaking for the proposition that Australian businesses should not be concerned by the EU GDPR. The debate was at King & Wood Mallesons and, being a polite guest, I was happy for my KWM opponent to speak against that proposition. Though I’m pretty sure that...

May 4th, 2018

Dr Jodie Siganto on the Commonwealth Bank data "loss"

The issue arose in 2016, before the mandatory data breach notification provisions of the Privacy Act 1988 came into force. The bank says it has no evidence that customer information was compromised. But, as the saying goes, the absence of evidence is not evidence of absence. It also says that,...

February 15th, 2018

Domain Related Changes to CISSP Credential Exam

Effective April 15, 2018, (ISC)2 will implement domain-related changes for the Certified Information Systems Security Professional (CISSP®) credential exam. These changes are being implemented based on the outcome of the Job Task Analysis (JTA). The JTA provides the foundation for each of (ISC...

October 6th, 2017

Case Study: The Equifax Breach

The following is a summary of some of the most important things to know about the breach and the aftermath to date: The breach:  Between mid-May and July 2017 hackers accessed data held by Equifax through a publicised vulnerability in a web application, for which there was a well-known...

August 28th, 2017

Guidance Note: The new EU General Data Protection Regulation: Implications for Australia

Introduction After years of negotiations, the new EU General Data Protection Regulation (GDPR) was passed in 2016, bringing with it wide reaching changes to the EU data protection regime which has been in place for over 20 years, under the EU’s Directive 95/46/EC. Much has been written...

Blog

The new EU General Data Protection Regulation: Does it apply to you?

July 27th, 2017

From 25 May 2018 Australian businesses may need to comply with the EU General Data Protection Regulation, even if they don't have any physical presence in the EU.  If you offer goods and services or monitor the behaviour of individuals in the EU, then you may be caught.  Our Guidance...

Why is information security blue?

March 28th, 2017

They say a picture is worth a thousand words.  If that's true, what do the images used for information security tell us? What are they trying to convey and are those messages consistent with how we would like to think about information security? There’s an easy way to find out how...

Notifying eligible data breaches: What does it all mean?

March 13th, 2017

Key take-aways Only ‘eligible data breaches’ are notifiable to affected individuals and the OAIC. An eligible data breach is one where there has been loss of, unauthorised access to or disclosure of information which is likely to result in serious harm. If you’re unsure,...

Why women (and greater diversity) are good for cyber security

March 12th, 2017

The low number of women in cyber security, and ways that we might encourage more women into the field, has been receiving a lot of attention recently.  This led me to ponder why I think it is important that more women become cyber security professionals. There is certainly little doubt that...

What's happened to data breach notification law in Australia?

December 4th, 2016

It’s December 2016 and still no data breach notification law in Australia, despite the government committing to introduce legislation by December 2015 as part of the protections promised on the introduction of mandatory data retention requirements. So, what’s been going on?

Regular Password Changes: No Longer Good Security Practice

October 18th, 2016

News

AWSN Melbourne

August 21st, 2017

Dr Jodie Siganto will be speaking at the AWSN Melbourne branch lunch on September 20th 2017. This is a free event open to AWSN members and guests and will be hosted by BHP at their Melbourne CBD offices. The title of Jodie's talk is: The Australian Cyber Security Skills Shortage: Myths,...

IT Security Training Australia sponsors HAISA 2017

August 14th, 2017

We invite you to participate in the event, which will be held over 28-30 November 2017 in Adelaide, Australia. This symposium, the eleventh in the series, will bring together leading figures from academia and industry to present and discuss the latest advances in information security from...

Resources

Data breach preparedness: It's more than just notification ...

April 20th, 2017

New Australian data breach notification laws, effective in February 2018, have focused attention on organisations’ preparedness to notify of eligible data breaches.  But notification is just one part of responding to a data breach or cyber incident.  Data breaches are complex,...

ISO 27001 ISMS Overview and Implementation Course Materials

September 26th, 2013

Below are attached the following resources: Practical ISMS Nov 12: Completed Course Slides – November 2012 (updated); ISMS Implementation Diagram; ISO 27001 Reference List - articles, books and websites that may be of use; Research Article: "Information Security Management: An...

White Paper

10 reasons why an Australian data breach notification law won’t make any difference

August 29th, 2016

Having been on the drawing board since 2008, it is entirely possible that at some stage in the next two years Australia may get its own version of a data breach notification law. But, assuming a law similar to the draft legislation issued for consultation in December 2015 is passed, will it...

Data Breach Notification In Australia - Whitepaper Available!

August 30th, 2013

The first data breach notification law (DBNL) was introduced in California in 2002 (and took effect in 2003). Since that time, similar laws have been introduced in different forms in nearly all the States in the United States and are under consideration in a number of other jurisdictions...

Privacy Act Amendments: What Do They Mean For Information Security?

August 30th, 2013

In May 2012, as part of Privacy Awareness Week, the Attorney General announced amendments to the Privacy Act 1988 (Cth), with the Amendment Bill (all 266 pages of it) introduced to Parliament in late May.  The Bill is expected to pass through both Houses without issue.  The amendments...

Data Breach Litigation In The U.S.: What Does It Mean For Australia?

August 30th, 2013

Since the passing of Data Breach Notification laws in the U.S. there has been an explosion of data breach related litigation. Most of the actions are brought as class action suits (because the amounts sought per head are small but the groups are often very large). Although most of the...