A Guide to Information Security Standards  The Information Security industry has created a confusing and large variety of Information Security Standards (Cyber Security Standards), frameworks and maturity models. By the end of this blog you should understand each of the major standards cover, how it came into existence and if it is relevant to your business.  Satalyst’s experienced security team can help you on journey towards becoming certified and industry complaint. Australian Government Information Security Manual (ISM): Australian Signals Directorate produces the Australian Government Information Security Manual (ISM). This is a cyber security framework designed to comply with Australian legislation and was last updated in December 2019.  If you implement this framework in your organization, compliance certification can be done via the ASD Information Security Registered Assessors Program (IRAP). The full standard is available here: https://www.cyber.gov.au/ism If you work or want to work with Australian Government PROTECTED data, Implementing and certification to this standard is mandatory.  You are also required to comply with the Australian Attorney-Generals’ Protective Security Policy Framework (PSPF). Attorney-Generals’ Protective Security Policy Framework (PSPF) The Attorney-General’s Department maintains the PSPF and was last update in 2018 with the reissued Directive on the Security of Government Business. The...

Somewhere between updating your Disaster Recovery plan and setting up multi-factor authentication, you probably recall that it’s time you conducted a penetration test for your network. If you have the skills and the time internally to do this, I recommend that you make sure that your pen test covers the following 5 key steps. These steps work regardless of whether you are completing a small-scale web application pen test or a full network pen test for a global organisation. Footprinting / Reconnaissance Footprinting or Reconnaissance is the initial intelligence gathering performed on a target organisation. This involves identifying firewalls, routers and building a map of the network. During this step, the security tester gathers important company information. This could include org charts, company policies, physical addresses, current events and details of key personal such as email addresses, CVs and phone numbers. Once the security tester gathers this information, they can then identify key targets, potential vulnerabilities and attack vectors. Scanning Scanning adds a lot of information to your network map. It is about uncovering more detailed host information. It might consist of Operating System information and versions, hosted applications, open ports and network ranges. This information expands your network diagram...