An annual mandatory security education and awareness training program keeps everybody up to date on cyber security threats. This could be the difference between whether or not a criminal gains access to your money, accounts or data.
Invoice fraud is a major threat to businesses, large and small. It involves tricking your employees into paying fake invoices or changing bank details on real invoices to divert funds to a fraudster’s account. This scam can lead to significant financial losses and damage your business’s reputation. Understanding and preventing it is crucial for your business’s safety.
What is AI? How is it defined, how is it applied and how is it being used across various industries? This article provides an overview of Artificial Intelligence (AI), from its definition, how people interact with it today and in the future and its potential impacts.
Artificial Intelligence (AI) has rapidly transformed the world, enabling automation, efficiency, and new insights in various sectors. However, the growing prominence of AI has also attracted the attention of cybercriminals, leading to a surge in attacks on AI systems. In this article, we delve into some of the latest security breaches that have exposed the vulnerabilities of AI technology.
Essential steps to embrace ethical AI: acknowledge the need, assemble a diverse task force, define principles, incorporate ethics throughout, create transparency, prioritise data privacy, train employees, engage stakeholders, and leverage existing frameworks.
What are the benefits of adopting a risk-based approach to assessing cybersecurity controls? Why is aligning to a Cyber Security Standard or Framework important and is either model better? At InfoSecAssure we help businesses and their advisors assess the security of their business with an easy-to-use, simple assessment process, with guided help that supports both internal risk management decisions and independent audit activities against a range of well-known global standards.
Given the Robodebt system’s disastrous implications, it is clear that a rigorous ethical assessment of any Automated Intelligence (AI) decision-making process should be mandatory before and during implementation. This article looks at the ethical flaws of the Robodebt system and models new ways for us to think about assessing automated systems using IEEE AI Ethical Standards, which is a systematic and in-depth approach to protecting the well-being and values of our community in system design and operation.
With technology becoming increasingly portable, the risk of lost data is increased. In this article, we'll explore some of the secure destruction techniques you can use to properly protect your company's important information.
Cyber security assessments are a critical element of any organisation’s cyber security strategy.
Compliance with various security standards can be confusing and time-consuming. Here we help you understand the relationships between cybersecurity risk, controls, and compliance so you can make informed decisions about protecting your business.
As a business owner, it’s important to stay up-to-date with the latest information risk identification and assessment process. This process involves identifying your business’s physical devices, software, data flows, external information systems and organisational roles in order to assess the criticality of these assets. After that, you need to identify the threats that could harm these assets. Finally, you must identify the vulnerabilities of your identified assets. Let’s explore this further.
Get to know the different types of data masking commonly used to secure sensitive data during testing.
The ACSC released a new version of the Essential Eight in July 2021. Contrary to its title, the Essential Eight has more than eight controls defined within its framework. Read this article for a summary of what the Essential Eight is and the key changes made in 2021.
Nine years after its last publication, in 2013, ISO 27001 has been updated. InfoSecAssure has completed an in-depth and loving review of the changes made to ISO 27001 in 2022.
Are your kids breaking the rules? Here is some plain advice from a security expert on how to find the right balance.
Well, it was only a matter of time before another company was breached and this time it was Optus. It can happen to the best companies and the worst. If you are worried, check out our helpful guide to understanding what to do to protect your identity and learn about what to watch for in case your information is misused.
How would you react if your company experiences a significant data breach? Is your business prepared to respond to the barrage of questions that would come at you from every corner?
To avoid becoming a victim of malware, check out this article on how you can stop malware in its tracks.
Through diligent background checks, companies can create a safe workplace, guard against liability claims, comply with federal, state, and industry laws, and most critically protect their assets and hard-earned reputation.
After eight years, ISO 27002 has been updated. ISO 27001 is expected to be updated late in 2022.
Increasingly, hackers are selling medical records for profit on the black market. Having the right set of security policies and processes in place will protect your practice and your patients.
Whilst small business is facing increased cyber security challenges, there is good news.
Increasingly, educational institutions are being targeted by cyber criminals. What lessons are being learned?
What threats are emerging and how can you protect your business and the data that you collect and store?
An outage of technology that supports aged care services can impact patients' health if doctors and nurses are unable to access patient records or provide critical health care.
The reason that your password or passphrase is probably not good enough is that it lacks something called entropy. You can think of entropy as randomness, and it’s one of the most important concepts in cryptography. It turns out humans are a species of patterns, and they are incapable of doing anything in a truly random fashion.
Read this article to understand more about how the scope of an ISO 27001 Certification Audit is defined and what types of evidence your auditor will be looking for when they conduct the audit.
Audit reports and certifications can be a useful investment in your overall security governance strategy to enable your company to: maintain adequate security controls for your company and clients; provide appropriate levels of assurance to clients that you are governing security in line with their expectations; or deliver to specific contractual certification/audit requirements in agreed contracts with clients.
Practically Perfect Patching does not exist. How do you ensure patches are deployed in a timely fashion to reduce the number of vulnerabilities in your network and software to protect your organisation from ongoing threats? One size does not fit all.
Not every one of your suppliers will be operating in a defence-grade building with anti-ballistic windows! What do you measure? Read our article on the top 6 things you should consider before starting supply chain assurance.
The estimated losses from cyber attacks and data breaches in 2019 for the healthcare industry are $25 billion with the average cost of ransomware attacks on businesses being $133,000. The Health sector is increasingly being targeted by criminal organisations, individuals and state actors with attacks up 151% in the last ten years and 15% of all breaches involving Healthcare organisations.
Regulation strengthens when market forces fail to address government and societal concerns. Although cyber security has been on the agenda of senior leaders for more than a decade it continues to demand increased investment and attention. Perhaps the greatest challenge faced by organisations is understanding the risk, and understanding the controls necessary to appease regulators, and deliver the real cyber resilience organisations need to thrive in uncertain times.
The increased use of cloud-based collaboration tools across many organisations brings new security challenges. Support the use of collaboration tools with the right design considerations early on so your company gets the right security controls in place before it is too late.
One of your major customers wants to know how you protect their information. This is a challenge many security and risk professionals face every day. Here are our Top 7 Tips for approaching this the right way, every time!
How do you ensure that your suppliers have good information security governance? How do you ensure they are meeting the requirements you are obliged to meet for your industry regulators or for your customers?
Small businesses are increasingly being asked by customers to prove that they manage their information security well and are compliant with all the relevant regulations.