Earlier this month, ZDNet Australia held a panel discussion in Sydney, bringing five high-ranking IT officers together to talk about the most pertinent security issues facing their organisations. The ability to trust people in the organisation was identified as a significant issue for all, but each security guru had their own idea of what measures help them sleep at night.
Whether it's taking a physical approach by using Australia's best Department of Defence hackers to show what could happen in an attack, or an analytical view by projecting the cost to business from previous outages, we sat down with each of them for a quick one-on-one discussion to find out what really makes them tick.
As the CIO behind the nation's Treasury Department, Alexander calls on the best minds of the information security industry. It's necessary, too, because Treasury is one of the strictest departments when it comes to security. It has implemented almost all of the Australian Signals Directorate's (ASD) security strategies, while other departments struggle to achieve the mandatory top four.
Alexander also shares with ZDNet how the ASD's security spooks walk into Treasury and, armed with nothing but a laptop, show how attackers would work at attacking infrastructure in a matter of minutes.
Deloitte Touche Tohmatsu's national lead partner for security, Tommy Viljoen, has consulted with businesses across multiple industries, and believes that there is a significant gap between what a business thinks its risk profile is and what IT is actually delivering. He talks to ZDNet about why this gap exists, who should be taking responsibility for it, and how it should be addressed.
Harbour City Ferries' Adam O'Halloran may have IT manager as his title, but he is also the top-tier security man in the organisation. He believes that people are the biggest problem in security, and he has the experience to back that up; with his organisation placing much of its IT out of house, he is constantly having to manage others and make sure they understand the business' appetite for risk.
Transport for NSW's general manager for security and risk Ajoy Ghosh is in the fortunate position of having a clean record when it comes to online attacks on infrastructure. So far, none have been successful, but with no events, how do you convince the board that you need to invest in security? Ghosh answers that question by saying he learns from outages that aren't related to an attack, building a case for what could happen, down to the economic impact if an attack were successful.