Telstra has warned organisations not to rely purely on technological capabilities when defending against cyber threats, pointing to a need for “the other parts of cybersecurity”, such as cyber risk management programs, to also be prioritised.
“An information security management system that is driven by managing cyber risk provides the governance of cybersecurity that’s required to go along with all of the technology components that are regularly found to be in place,” said John Powell, Telstra Purple principal security consultant.
In terms of how organisations should undertake the development of cyber risk management programs, Powell said the approach for each organisation would need to be sector-specific rather than focusing on creating “bank-level security”.
“[There’s] this misconception that there is ‘bank-level security’. The key to cyber risk management and information security management is the understanding of your contextual risk,” Powell explained.
“So we look at the organisation’s threat landscape, we look at the organisation’s assets, and that helps us to determine what the organisation’s risks are. From that point, we then work with the organisation to understand what controls they need to put in to deal with their risks so understanding the risk of the organisation itself is what