FEATURE
BACK TO BASICS by Stuart Corner
Why can’t we get this stuff right?
A LITANY OF CYBERSECURITY FAILURES

The title of Jess Dodson’s presentation at AusCERT2021, held in the Star Hotel on Queensland’s Gold Coast and online, was framed as a question: “Back to Basics - why can’t we get this stuff right?” She didn’t answer it. What she did was deliver an impassioned speech detailing the multiple failures in basic security practice and policy — yes, even keeping username and password as ‘admin’ and ‘admin’ (more of that later) — she has seen time and time again in her 15 years as a Windows system administrator.

“I’m pretty miffed about some of the stuff I keep seeing when I’m going into organisations and businesses and companies,” Dodson said. “I feel like a lot of this is very much common sense. But if it is common sense, why isn’t it being done?” Good question.

Suspecting that many in her audience were likely guilty of the sins she was about to reveal, she warned them: “There are going to be things in here that will make you squirm. And I’m very sorry about that. But that is my intention. Think of this more as teaching you to reaffirm those beliefs that you have about the things that you should be doing properly in your organisation.”

Dodson then presented a comprehensive list of failures in security practice and policy, broken down according to the categories in the NIST Cybersecurity Framework: identify, protect, detect, respond, recover. A summary of the basic security measures she described can be found on her blog. Here’s some of what she had to say.

IDENTIFY

You can’t protect what you don’t know you have. “I am yet to go into an organisation that has an asset system and an audit system that is up to date, and they know all of their inventory. Without having that inventory, without knowing what you’ve got, it’s incredibly difficult for you to protect your systems.”

Beware the single source of truth. “One person who knows everything and is the single point and source of truth for everything is not a good place to be. … But on the flip side, if everyone is responsible, then no one is responsible. So you need to make sure that your business owners and your system owners are actually owning their own risk and owning the risk of their systems.”

Have a risk register. “Business owners will take risks and they will accept those risks until things go wrong.
WOMEN IN SECURITY MAGAZINE