...

So here is some of the FUD, so you can get it all in one place, and we don’t need to talk about it much again, except where it raises questions specifically related to your business. (NOTE: There is far too much FUD online to list it all here, so I’m sticking with government and industry resources.)

I could go on and on and on with the contents on this page, but what I’ve listed is already too much. So just skim the words, or pick one or two articles to read.

Director and Boards

ASIC, AICD, and the Governance Institute, along with many others, are really homing in on the director and board’s responsibilities for cybersecurity.

...

Now, most small businesses won’t need to know anything about it, but if you have a Web App of any kind, or even just a website where users log in, then this is when you need to start knowing about these risks. I’m including it here because you may have heard someone techy mentioning the name OWASP Top Ten or Cross-Site Scripting (XSS) or Injection Attacks. But this is where you will need a Trusted Advisor to help you out with this level of detail.

War Words

As you start to read about cybersecurity, especially articles trying to raise feelings of FUD, you will come across many examples of “war words” being used. Yes, we sort of have to use the words cyber attack and cyber crime, but we don’t need to get into the rhetoric that Australian businesses are targeted and under attack from nation state APT adversaries (just to throw all the buzzwords in there). Yes, there is some fact in these stories, but you can get the facts from elsewhere without having to read words that are really not helpful. When you come across these articles, just move on, and get some information in a much more friendly way.

Hacker Focused Words

If you are seeing articles about Advanced Persistent Threats, Remote Code Execution, Zero Day, or Command and Control, move on. Yes, you may need to know these things if you are a cybersecurity professional, but leave it up to us to explain it when and if you need to. You have enough to think about with just getting the basics right before you need to be worried about Nation State Actors (hopefully).

Here’s a glossary if you are really interested though.

Legislation and Regulation

...