Data Breach Notification

The 5 things you need to know about the Notifiable Data Breach scheme

Mandatory Data Breach Disclosure and the Notifiable Data Breach (NDB) scheme are both really hot topics at the moment. There is a number of experts from the legal, cyber security and business community all providing their advice, many providing guidance in forensic detail on what should be done to prepare an organisation for this change. […]

Information Security Report – February 2018

Over the past month, we have seen a number of threats, vulnerabilities, and spear phishing attacks affecting organisations worldwide. Read on for a summary of these events to help you assess their implication on your environment. Current Threats and Exploits Refined Exploits Targeting Legacy Windows Servers and PCs: – The vulnerabilities discovered in SMBv1 servers […]

Information Security Report – January 2018

Current Threats and Exploits Meltdown? Spectre? Where Can We Find Out More? – Early January saw the industry start the year with a bang as rumors of an Intel bug being released online. Google’s Project Zero quickly announced on the 3rd of January that nearly all modern processors are affected by a vulnerability that when […]

December Security Report

Information Security Report – December 2017

Over the past month, we have seen a number of threats, vulnerabilities, and spear phishing attacks affecting organisations worldwide. Read on for a summary of these events to help you assess their implication on your environment. Threats and Exploits Mailsploit Mailsploit Allows Spoofed Mails to Fool DMARC. Mailsploit is a collection of vulnerabilities in various […]

Vulnerability Management

How to set up the right Vulnerability Management processes

Managing your network vulnerabilities and identifying the right vulnerability management processes can be complex. Whilst finding and prioritising vulnerabilities are the responsibility of the security leader, the speed at which these vulnerabilities are remediated is dependent on other people in your organisation. System architects and administrators, IT managers and system owners all play a part […]

Phriendly Phishing Review in ITWire

No matter the protections you have in place, the last defence for cyber security rests with the end user. But how do you educate in a respectful, engaging way? David M Williams, CIO, tried out Shearwater’s Phishing Awareness Training & Simulation Solution, Phriendly Phishing, built on this very premise, finding it reduced risk and exposure to phishing […]

IRAP Assessment Microsoft

A Milestone for Microsoft Australia and Shearwater

We are very excited about Microsoft’s announcement that the Australian Signals Directorate (ASD) has certified a number of Microsoft’s Australian based online services offerings. The majority of these newly certified services are simply not available from any other cloud service. With these certifications, Australian hospitals, educators and government agencies at federal, state and local level […]

Ten things you should know about ISO/IEC 27001

By Shannon Lane 1.    What it ISO 27001 ISO 27001 is an international standard for information security management. 2.    Why is ISO 27001 important to me? Information is the lifeblood of most contemporary organisations’. It provides intelligence, commercial advantage and future plans that drive success. Most Organisation store these highly prized information assets  electronically. Therefore, […]

What should I look for in a Threat Intelligence Solution?

This blog article is part of a series: Part 1 | Part 2 | Part 3 In this final article in this series, I provide some guidance on what to look for in a CTI solution. The four important questions when assessing CTI should be: How current is the Threat Intelligence Provided? How broad is […]

ASD Essential 8 Summary

ASD Essential 8 Summary

So you have mastered the ASD Top 4? What do you need to tame the Essential 8?  In this ASD Essential 8 Summary, we will answer: What has stayed the same? What has changed? What that means? What do I need to do to achieve this baseline standard? When do I need to complete it […]