March 28th, 2017

Why is information security blue?

They say a picture is worth a thousand words.  If that's true, what do the images used for information security tell us? What are they trying to convey and are those messages consistent with how we would like to think about information security? There’s an easy way to find out how...

March 13th, 2017

Notifying eligible data breaches: What does it all mean?

Key take-aways: Only ‘eligible data breaches’ are notifiable to affected individuals and the OAIC. An eligible data breach is one where there has been loss, unauthorised access to or disclosure of information which is likely to result in serious harm. If you’re unsure,...

March 12th, 2017

Why women (and greater diversity) are good for cyber security

The low number of women in cyber security, and ways that we might encourage more women into the field, has been receiving a lot of attention recently.  This led me to ponder why I think it is important that more women become cyber security professionals. There is certainly little doubt that...

February 6th, 2017

February 7, 2017: Ask out loud - Safer Internet Day

What: Share the single call to action with your staff and / or customers: #AskOutLoud. If you experience something suspicious online, Ask Out Loud because your online safety is worth a second opinion. How: Share the pre-prepared resources (produced on behalf of Stay Smart Online (SSO)) and promote...

January 27th, 2017

Kick Start Your Cyber Sec Training in 2017

Hone your offensive and defensive cyber skills or develop a deeper understanding of cyber topics (like Dark Web, Bot-nets, Bitcoin, Cryptoware, Watering-holes, Man-in-the-Middle) with practical, hands-on courses led by a respected industry expert. More information available here. SPECIAL OFFER:...

December 4th, 2016

What's happened to data breach notification law in Australia?

It’s December 2016 and still no data breach notification law in Australia, despite the government committing to introduce legislation by December 2015 as part of the protections promised on the introduction of mandatory data retention requirements. So, what’s been going on?



Background information on the Employee Record exemption from the Privacy Act

October 14th, 2013

Some background information on the Employee Record exemption from the Privacy Act (which will continue to apply to private entities from March 2014): Employee Record – Privacy Act 1988 (Cth) Exemption. The Employee Record exemption from the Privacy Act is the one that most people find...

Merchant Fights Back – Counter Sues Against Payment of PCI DSS Penalties

October 3rd, 2013

For perhaps the first time, the enforceability of the fine system supporting the PCI DSS standard will be considered in the U.S. case of Elavon Inc. v. Cisero’s Inc., 100500480, Utah Third Judicial District Court, Summit County (Park City). The owners of an Italian restaurant in Utah (...

Another Merchant Takes on PCI DSS

October 3rd, 2013

In March 2013, Genesco Inc. filed a complaint in the U.S. District Court for the Middle District of Tennessee against Visa seeking to recover $13.3 million in non-compliance fines and assessments that Visa had imposed on two acquiring banks, Wells Fargo and Fifth Third Financial, which processed...

Cloud Maturity Study Reveals the Top 10 Issues Eroding Cloud Confidence

October 3rd, 2013

Government Regulations, Exit Strategies, and International Data Privacy are Top Concerns. Findings from a joint Cloud Security Alliance (CSA) and ISACA survey show that government regulations, exit strategies and international data privacy dominate the Top 10 areas where confidence...

The Woes of No IT Security Unemployment

October 3rd, 2013

Finding Skilled People Poses Dilemma for Employers. Interesting article from the U.S. where, although the employment of IT security professionals is at an all-time high, it isn't keeping pace with the demand for these skills in American businesses and...

First State Super in breach of Privacy Act

October 3rd, 2013

7 June 2012. Some seven months after a highly publicised incident involving a flaw in First State Super’s members' online application, the Australian Privacy Commissioner Timothy Pilgrim released the findings from its investigations – which found...



Dr Jodie Siganto talking about the proposed new data breach notification laws.

August 29th, 2016

AISA's Policy Chair Dr Jodie Siganto speaks with AISA Advocacy member Lani Refiti on the proposed Mandatory breach reporting bill

The Australian Cyber Security Strategy 2016: Where is the money going?

May 3rd, 2016

The government has announced it will spend $233.1 million over 4 years as part of its new Cyber Security Strategy.[1]  About $190 million was new money, with the remaining funds being previously allocated as part of the Innovation and Science Agenda. [2] This previous allocation included the...

Sony breach settlement: What would have happened if Sony was an Australian company?

April 14th, 2016

Sony has reportedly reached a settlement with its present and former employees over the loss of employee SSN's and other personally identifiable information resulting from the 2014 hack attributed to the North Koreans:  see link.  But what would have happened if Sony had been an...

Notification of Serious Data Breaches in Australia

December 31st, 2015

Author: Jodie Siganto, December 2015. With the recent release of a new draft bill, Privacy Amendment (Notification of Serious Data Breaches) Bill 2015,[1] it seems that mandatory notification will soon be introduced into Australia. The draft bill requires entities covered by the Privacy Act...

Australian Cyber Security Centre Threat Report 2015

September 9th, 2015

The ACSC’s first public Threat Report, released in July 2015, refers to an increasing number of threats, including growing use of ransomware and DDoS for extortion, from an increasing range of actors. It advises that implementation of its Top 4 mitigations should address most threats...

New Data Retention Obligations and Privacy

August 26th, 2015

Author: Jodie Siganto, 25 August 2015. The new Australian meta-data retention obligations come into force on 13 October 2015. This note provides a broad overview of those obligations, their interaction with existing Privacy Act obligations and reference to some of the advice made...


