Blog
A Beginner’s Guide to CORIE
The CORIE Framework – is a new approach to assessing cyber maturity and resilience and you definitely need to be investigating it this year.
Cyber Resilience Summit NSW 2021
Privasec is a proud sponsor for the Cyber Resilience Summit NSW 2021 at Dockside Darling Harbour in June. It was an enjoyable event organised by Forefront Events, where the team from Privasec met and learned from senior security and cyber risk professionals in the industry. We heard perspectives from multiple sectors around the theme of improving cyber posture to manage threats. A strong lineup of CISOs and security speakers explored common cross-industry security challenges and potential solutions to safeguard organisations’ integrity, technology and assets. Speaker Jacqueline Jayne, who is the Security Awareness Advocate at KnowBe4, covered the 7 dimensions of security culture: Attitude, Behaviours, Understanding, Knowledge & Awareness, Communication, Policies, Unwritten Rules of Conduct. The question she left everyone with, was: “Do your people understand why cyber security is everyone’s responsibility ? Do they know that everyone has a critical role to play?”. Some of the other highlights from from the CISOs and industry leaders such as Bradley Busch, Mark Smink, Dave Cowan, Saleshni Saleshni, Wilson Chiu, Daminda Kumara, Ajay Dua, and Dali Kaafar include: The importance of simplifying staff and customer experience with security; How we can lean on our partners and suppliers for scale and availability if an organisation …
Red Team Incognito War Stories: Crashing down the castle wall through deception
The impact from a lack of security awareness training through the eyes of a recent red team engagement performed by the Privasec Red team.
A Dummy’s Guide to SOC 2
SOC 2® reporting solves the issue of how a business leader can trust that a service provider is taking its obligations seriously by conducting a SOC 2® Type 1 and Type 2 report to evaluate data protection systems and procedures.
ZenTao CMS – A Monkey’s journey to Priv Esc & Remote Code Execution
This article explores Zentao, understanding how its routing works, and identifying several vulnerabilities that lead to an attack chain that an attacker can execute in order to achieve remote code execution.
Managing Third-Party Risk in 2021
It is always in a company’s best interest to protect itself from vendor risks – before entering, during, and even after the vendor relationship has been established.
Former Service NSW Chief Security Tech Officer Speaks on Security Partners Engagement
Get to know the former Chief Security & Technology Officer at Service NSW as he shares in under 5 minutes his views on how companies can leverage their security partners and gain the most value in partner engagement.
APRA CPS 234 Compliance Assessment / Gap Assessment
At the conclusion of the assessment, Privasec will provide a set of recommendations on how to address any identified gaps against APRA CPS 234.
A look at the NSW Government 2021 Cyber Security Strategy
The NSW Government released an update of its Cyber Security Strategy in May 2021. This new strategy encompasses focus areas for both the public and private sector, continuing to strengthen and improve on the NSW Government’s previous strategic planning.
Red, Blue, Purple, White, Black & Gold Team
For everyone who’s asking, what are the differences with a Red team, Blue and Purple, Black, White and Gold? Find out more here!
Privasec and Shamane Tan Named Finalists for ARN Women In ICT Awards
“ARN congratulates Team Privasec on becoming a finalist in the Diversity& Inclusion Champion 2021 category,” said Cherry Yumul, vice president of Strategic Partnerships and Innovation at IDG. “We applaud your standout contribution in helping to set an industry benchmark for female achievement across Australia.
Network And Information Systems (NIS Directive) Impact On Australian Businesses
Adopting the NIS Directive formulated by the European Union appears to be an excellent decision by Australia to elevate the security level of critical infrastructure networks and information systems.