Security Frameworks

On 27/10/2020

The following is a reasonably comprehensive list of each major global security framework. Their presence here is not an endorsement, just a resource if you are looking for references. Links are provided but may become broken over time if source sites modify page addresses. Where this is the case the frameworks may be easily found […]

Credit Card Fraud

On 14/10/2020

Opportunity Costs of Card Fraud and Corruption While credit card fraud rates have recently trended down, the issue continues to be a threat to businesses and the economy, and it is crucial that merchants continue to implement effective fraud controls. A recent report by AusPayNet highlighted that, in 2019, over $819b dollars was transacted via […]

Industry Risk welcomes security veteran Mark Jarratt, CPP

On 10/06/2020

Industry Risk is pleased to welcome to the fold security industry veteran, SCEC Security Zone Consultant and long-time ASIS International Australia Region volunteer security leader Mark Jarratt CPP. Mark is the only SCEC Zone Consultant in Australia with a direct background in leading security for a Government Agency. NORTH SYDNEY, 10th June 2020 Industry […]

Security Clearances

On 06/07/2019

What Is Security Clearance & Vetting? With some exceptions, security clearances are issued by the Australian Security Government Vetting Agency (AGSVA), representing the Australian Government, to personnel whose duty involves accessing sensitive official information and documents. Personnel working within, or for a Government agency that receives, processes, and sends such information, requires a security clearance […]

What’s in a Good Security Risk Assessment?

On 04/07/2019

If you’ve ever undertaken a security risk assessment (SRA) yourself, you may have wondered whether it was as comprehensive as it could be and if could it withstand serious scrutiny. Part of the notion of completing a diligent risk assessment is to first understand where the rest of the industry is at, so that we […]

Risk Assessment Matrix

On 01/07/2019

What Is a Risk Assessment Matrix? A risk assessment matrix is the basis for measuring potential risks based on two intersecting factors: the likelihood (or probability) of a security risk-based event occurring, and the consequence (or impact) of its impact to an entity if it did. A risk assessment matrix completes the risk assessment template […]

Risk Management Frameworks

On 27/06/2019

This is a generic (i.e. not security risk-specific) article and is included for its close links to security risk governance. Section 4 of ISO31000 opens with the simple statement that “The success of risk management will depend on the effectiveness of the management framework providing the foundations and arrangements that will embed it throughout the organization […]

Risk Assessment Templates

On 27/06/2019

What is a Risk Assessment Template? A risk assessment template is a tool that is used to document the systematic analysis of types of security risks that exist within the scope/area of an assessment, the likelihood and consequence of those risks being realised, and the recommended control measures to reduce risk to acceptable levels. A […]

The Health of NSW Hospital Security

On 20/03/2019

Commenced in mid-November 2018, NSW Health recently released an interim report prepared by ex-NSW Police Officer and Minister, Peter Anderson, titled “Improvements to security in hospitals”. Containing 48 recommendations, this report follows several major security initiatives within the sector in recent years, many of which were triggered by the 2016 shooting of a police officer […]

Commonsense Prevails in Relation to Huawei and ZTE

On 23/08/2018

The sigh of relief from those who hold an interest in Australia’s security was almost audible as news hit the press this morning that Huawei and ZTE would be blocked from rolling out the national 5G network [1]. Both entities have been in the media extensively over reported links back to, and control exercised by, […]

Top 10 Security Risk and Governance Recommendations

On 15/08/2018

Top 10 Security Risk Recommendations for Enterprise and Government Entities We’ve consulted with innumerable enterprises and Government entities over the years, and several common themes continue to arise in relation to both cybersecurity and protective security risk assessments (SRAs). Straight to it…here are the top 10 security risk and governance-related issues that we have found, […]

10 things to like about the “Universal Security Management System Standard” out of the Netherlands

On 11/07/2018

We love security standards – they give us a baseline and enable us to consciously diverge from defined industry practice where it suits us. This morning we became aware of a security standard that looks like it will make for very interesting reading. It seems that the Netherlands are leading the way in enterprise security […]

ANAO Protective Security Audits

On 27/05/2018

We recently noted what we thought to be a slight uptick in risk compliance activity by the Australian National Audit Office (ANAO), relating to security within Government entities. While on review this turned out to be minor, the content of ANAO’s website held our attention, especially in relation to protective security-related audits. So much so […]

Industry Risk media launch

On 24/05/2018

We are very pleased with the recent public launch of our security risk and business resilience consulting and software services to the market via the region’s premier security media channels. As part of our continuing efforts to assist in increasing security risk and resilience capability and competencies across industries, this initiative will go a long […]

Risk Management and the 2018 PSPF

On 08/05/2018

When the PSPF was launched in 2010, it was a significant reform that sought to adopt a more risk-based approach to protective security than did its predecessor (the Protective Security Manual). It achieved its immediate aims and Government practitioners, and those who supported them, started talking (and doing) more about security risk management. Notwithstanding this, […]

Musings on security risk assessments

On 06/05/2018

Taking into consideration 400-odd Government Departments, Agencies and Commissions, and that there were (conservatively) upwards of 4,000 companies employing more than 200 people in early 2017 [1], plus security consultants, then there is a fair base of security risk practitioners across Australian sectors. It is admittedly a conservatively educated guess, but let’s suggest that each […]

Corporate Security Governance

On 05/05/2018

If you’re an Australian corporate security manager you would be amply aware of the absence of a recommended corporate security framework in the standards sense. There are a few helpful management or governance systems that can be adopted, and indeed the Commonwealth Government has long led the charge in the form of the Protective Security […]

Toronto Van Attack

On 24/04/2018

For any one who's watched video of the confrontation stage of the very recent Toronto van attack, you might ask why the first Police Officer on-scene didn't discharge his weapon when confronted with the suspected driver? The person claimed that he had a gun in his pocket, repeatedly reached and quick-drew an object as if to shoot at the...

Much more to do in support of locking down

On 09/12/2014

Business contingency planning for a truly ‘effective’ lockdown security regime is a complex and challenging issue, especially within Australian workplaces, where building design has historically not been predicated upon security concerns. Perhaps because of this, and despite the heightened threat of terrorism within the community, many organisations have done little in preparation for a serious […]

Best practice security risk software

On 08/12/2014

Industry Risk recently launched its signature security risk management platform for live beta testing. A web-based/SaaS (software as a service) platform, SECTARA enables security managers and consultants to perform and then manage / export (to MS Word) advanced security risk assessments of any description. The security software system is hosted within an Australian Amazon Web Services […]