All posts by: Mike Thompson

Why you should be concerned about the Australian Cyber Security Strategy

Australia’s Cyber Security Strategy has just been released and promises a significant funding boost and new initiatives to improve Australia’s Information Security, which is great news. While the increased funding...

Where do I start?

Last year I stumbled upon a concerning reality for many IS professionals. For many of the people I spoke to, the responsibility for Information Security had been unceremoniously dumped on...

How much should you spend on Information Security?

I was recently part of an AISA Discussion Panel on investing in Information Security. It was an interesting session, bringing together a range of perspectives on how to answer a...

It’s NOT about the Threats

As always, last week’s AISA Conference was a unique opportunity to liaise with some of the great minds of Information Security, identify innovations in the field, and gauge how the...

Information security policy – the top three mistakes to avoid

One of the most common recommendations I hear in the Information Security industry is ‘the first thing you need to do is create an Information Security policy,’ a set of...

Fighting the wrong Information Security fire

One of the key reasons why Information Security is often poorly aligned with the business is the ‘siege’ mentality trap that Information Security practitioners have a propensity to fall into....

Defusing the Security Bomb – Part 2

In Part 1, I took a business perspective on the challenges involved in trying to achieve a balanced security approach and the pitfalls of poor alignment between IT and the...

Defusing the Security Bomb – Part 1

I often come across Business Managers who are nervous about their Information Security exposures, yet completely reliant on their IT or Security departments to ‘fix the problem’. With any IT...

Are standards worth the paper they are printed on? – Part 2

In Part 1 of this blog, I argued that relying solely on Standards as your blueprint for information security will leave you exposed, as they only offer generalised considerations, are...

Are Standards worth the paper they are printed on – Part 1

There are several Information Security Standards in the marketplace that are designed to assist information technology security (ITS) practitioners in protecting their organisation’s information and systems. I argue, and have...