Latest News

Our APAC Cyber Security Advisor, Shamane Tan, was on the panel for the ISACA Summit in Sydney this week. Shamane shared her views on the skills shortage in the industry and on good hiring practices. Here are a few tips from Shamane:

  • Look beyond the obvious.
  • Look for transferable skills, potential, passion, curiosity, resilience and integrity in the individual candidate.
  • Look for candidates with the ability to pick up new skills on the job.

Other panellists provided their take on the topic. Notable mentions include:

  • Create diverse teams, looking beyond ethnicity, gender, colour, etc.
  • Offer mentoring programs for those with the potential to learn and grow into the role.
  • Every individual brings something different to the role, so keep an open mind when hiring.

A special thanks to the ISACA team for arranging another fantastic event.

The Payment Card Industry Data Security Standard (PCI DSS) is mandated by the major payment brands (MasterCard, Visa, Amex, JCB and Discover) for organisations that handle payment card data. The PCI DSS defines the minimum security controls needed to protect cardholder data. If you process, store, or transmit payment card data, you are required to comply with PCI DSS. Merchants that accept payment via debit or credit cards and service providers that process payment card data are required to comply with the standard.

Compliance with PCI DSS enables your organisation to meet its contractual obligations whilst protecting payment card data and reducing risks relating to fines and reputational damage.

Achieving PCI DSS compliance can be a challenging, confusing and, for some, expensive experience. Privasec can guide you through the process of understanding what to do and give you pragmatic choices about how to minimise compliance costs. Our PCI DSS Health Check is a high-level assessment, led by a registered PCI Qualified Security Assessor (QSA).

Call us now to learn how we can help

AU: 1800 996 001, NZ: +64 9 222 4725, SG: +65 6631 8375.

Even some of the most accomplished IT professionals are not sure about the difference between a vulnerability scan and a penetration test. Here are three basic differences between the two terms:

1. A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment. A penetration test, on the other hand, is the practice of testing a computer system, network or web application to identify insecure business processes, poor security settings, or other weaknesses that a hacker could exploit.

2. While a vulnerability scan informs the stakeholders about the system vulnerabilities, a penetration test shows how these vulnerabilities could be exploited to cause harm to the organisation.

3. A vulnerability scan could be performed by an organisation's IT department using tools such as OpenVAS and Nessus. A wide range of tools is available for use during a penetration test, but it is the skill of an experienced pen-tester that is needed to identify ways in which vulnerabilities can be exploited.

#penetrationtesting #vulnerabilityscanning #privasec

Privasec’s COO, Karan Khosla, has been invited to participate in the panel discussion at the Australian Utility Week, the leading digital utility expo in the Australasia region. The discussion will address emerging cloud business models for the utility sector and issues related to ensuring tactical agility for cybersecurity, product evolution and effective partner integration. Privasec’s Senior Security Consultant, James Cristofaro, will cover the security implications of managing “Behind the Meter” devices in a hostile operating environment.

Come and say hello if you are attending the conference. Check out the event details here:


According to the OAIC (Office of the Australian Information Commissioner) report, 36% of all cyber-attacks in Australia are caused by human error. This is the phenomenon known as PEBKAC (Problem Exists Between Keyboard And Chair). Thus, employees are our greatest assets and also our weakest link, as they can fall victim to cyber-attacks in various forms. They are also our first line of defence, hence continuous education, training and awareness are needed to remain vigilant against cyber-attacks.

Give us a call at 1800 996 001 and talk to our highly experienced security consultants to discuss your company’s cybersecurity priorities and discover how we can help.