Content provided by Day One. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Day One or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here: https://ar.player.fm/legal.

BONUS: 2023 Review of the Cyber Bible - The Australian Cyber Security Centre's (ACSC) Information Security Manual (ISM)

41:57
 

In this bonus episode, Cole Cornford chats with Toby Amodio, Chief Information Security Officer at the Department of Parliamentary Services, about the latest update of the Information Security Manual, ahead of its release in early July. The Information Security Manual is a great reference for anyone looking to understand what threats the government is looking to address, and where the cybersecurity community needs to be more vigilant.

Secured by Galah Cyber website

00:00 - Toby Amodio and Cole Cornford start their discussion about the Australian Cyber Security Centre's (ACSC) Information Security Manual (ISM) Control 2023 Updates, focusing initially on the encryption and handling of passwords.

03:38 - Toby highlights a humorous typo on a 30-character limit for "break glass" accounts, which was later corrected by the ACSC.

06:04 - Cole discusses the ISM Control 1171 update which relates to password managers. They explore the pros and cons of using these tools.

09:00 - Toby introduces a change in ISM Control 1492, which now requires password changes only when there are indications of compromise, marking a shift from regular password changes.

11:08 - Cole discusses changes in ISM Control 1428, highlighting how security is shifting towards a more risk-based approach rather than blanket mandates.

14:15 - Toby talks about Control 1371, which emphasises procurement processes and "secure-by-design" practices. However, he also acknowledges the practical challenge of enforcing such a control.

18:43 - Cole and Toby discuss ISM Control 1431 which focuses on scalability in cloud environments. They delve into how most government systems might not be architected to handle dynamic scaling.

25:46 - Toby introduces the concept of continuous real-time monitoring. They debate the removal of Control 1518, which pertains to maintaining a low-bandwidth version of a website as a form of backup.

28:51 - Cole argues against maintaining a low-bandwidth website. He emphasises the need to build more resilient applications that can handle load effectively.

31:42 - Toby and Cole discuss the practical impact of the changes, noting how it creates a competitive vector for businesses and promotes better cultural change in the security space.

33:18 - Toby summarises the overall changes in the ISM guidelines, focusing on the blend of security by design and resilience of websites and external services.

34:51 - Cole shares his viewpoint on why it's better to focus on resilience rather than having a low-bandwidth backup.

36:07 - They discuss the potential negative implications of switching to a low-bandwidth version during high load, such as causing alarm and potential reputational damage.

37:41 - Toby and Cole discuss their favourite parts of the updates, appreciating the indirect promotion of better cultural change in security through the ISM.

40:46 - They conclude their conversation, expressing their gratitude to the ACSC for the constant improvement of the ISM document and its value to the cybersecurity community.

Resources

https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism

Mentioned in this episode:

Call for Feedback


This podcast uses the following third-party services for analysis:
Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/