Why you need to take a SABSA course

Of the numerous information security training frameworks available today, SABSA (Sherwood Applied Business Security Architecture) is one of the most beneficial.

As the world’s most sophisticated and widely implemented security architecture framework, developing a strong grasp of SABSA is a massive boost to any IT worker’s career – and not just for those in the security field. Gaining an accredited SABSA qualification can certainly boost your professional credentials and open up other career opportunities in future.

Within the top-to-bottom framework of SABSA, you’ll learn how to design, implement and manage security in a range of business models. People in a diverse range of IT roles can stand to benefit from a course – so what are some of the top learning outcomes on offer for specific individuals?

Security professionals

Obviously the main target audience for SABSA courses, this training will provide aspiring security experts with the fundamentals of the world’s leading open security architecture framework. It will equip these professionals with the skills they need to gain a greater understanding of the business and apply the most appropriate security measures.

Security professionals will learn how to collaborate with key business stakeholders, gain their support and really stamp their authority in determining the security needs of any business.

Enterprise architects

For more generalist enterprise architects, SABSA training allows them to explore a range of modelling techniques that can help them integrate security with any enterprise architecture.

Architects can obtain a greater understanding of the frameworks and standards involved in implementing security into their business’s system.

Compliance and governance professionals

In an era of increasingly tight and constantly shifting business regulations, the areas of audit and compliance are growing in focus.

Those in IT compliance and governance would do well to obtain a SABSA certification, which allows them to convey to stakeholders that IT, security and risk management are being taken care of in an appropriate manner.

International information security practices: How to ensure you stay up to date

Protecting your IT systems is no longer the sole responsibility of your company's CIO or similar C-level titled executives. In fact, many senior roles now stand to benefit from increased knowledge in this area.

The changes to ISO 27001 made in October 2013 replaced the pre-existing international standards in security – including the rules regarding online attacks, corporate governance and accident recovery. This framework is suitable for a wide variety of organisation types and sizes, from small startups to large multinationals, and covers businesses in both private and public sectors. 

After completing the Overview course, and learning about subjects such as differentiating between terms like 'information' and 'information assets', along with considerable help in changing from the 2005 to 2013 standards, you can progress to the next level of the course that is available. 

The Lead Implementer strand is an intensive five-day practical course, ideal for those in an organisation who write security policies or who are responsible either wholly or in part for their everyday execution. The substantial topic area covered in this course would also be particularly relevant for those working in a project manager capacity alongside an organisation, assisting in the implementation of IT security as part of a project.

Auditors could also stand to gain a significant amount from the implementer course, as it would allow for greater understanding of the processes involved when carrying out their own audits. As well as this, there is another specialist course of equal length, directed specifically at those on the auditing side. 

At the end of the scheduled days, participants will have learnt about performing internal audits in line with international practices, and will have received an audit kit created by experienced professionals in the industry. Background frameworks, risk factors, procedures and documenting the audit process are all course components that are analysed in detail. 

In summary, the ISO 27001 course comprises three elements of IT security training that take an individual to a general high-level knowledge base, allowing for branching out into specialisms to gain that extra expertise.

Gartner identifies future information security technologies

Maintaining cyber security and protecting confidential data within your organisation requires a two-pronged strategy of both education and awareness. 

Not only do you need to ensure that the right people have undertaken comprehensive IT security training, but you also need to stay abreast of the latest technologies and developments that can assist in this area.

This month, research firm Gartner has released a new list of the 10 key technologies likely to drive improvements in information security over the remainder of 2014.

The list includes Cloud Access Security Brokers – specialised "enforcement points" based either on-premise or in the cloud, that serve to interject and enforce security policies before users are permitted to access cloud-based resources. 

Unsurprisingly, Big Data and the Internet of Things were both hot-button talking points on Gartner's list.

According to Gartner, businesses will continue to make greater use of the information resources available to them, investing in Big Data Security Analytics in order to determine patterns of activity and quickly detect when activity is outside the norm.

At the same time, with the Internet of Things growing in prominence, businesses are expected to invest in automating their enterprise assets using operational technology systems.

According to Gartner Fellow and Vice President Neil MacDonald, cyber security attacks continue to increase in both frequency and sophistication, despite significant investment in this area.  

"Advanced targeted attacks and security vulnerabilities in software only add to the headaches brought by the disruptiveness of the Nexus of Forces, which brings mobile, cloud, social and big data together to deliver new business opportunities," said Mr MacDonald. 

"With the opportunities of the Nexus come risks. Security and risk leaders need to fully engage with the latest technology trends if they are to define, achieve and maintain effective security and risk management programs that simultaneously enable business opportunities and manage risk."

New cyber security research centre established in Canberra

A new centre for cyber security research has opened in Australia’s capital city, and should raise awareness of the growing IT risks for Australian consumers and businesses alike.

Assistant Minister for Defence Stuart Robert announced on June 16 the launch of the Australian Centre for Cyber Security (ACCS), a new research arm of the University of New South Wales. Based at Canberra’s Australian Defence Force Academy (ADFA), the centre will bring together cyber security experts from government and some of the leading Australian researchers in the field.

Mr Robert explained that formal, academic research in the area was necessary given the increasing frequency and sophistication of cyber attacks.

“I am very encouraged to see academia engaging in research on cyber security issues and contributing to the wider efforts to protect Australia from cyber threats that pose a significant challenge to national security,” he stated.

“The centre’s research will cover issues such as cyber ethics, law and justice as well as those issues that affect the everyday lives of people and businesses, such as computer and network security.”

In total, the centre will focus on five broad areas of cyber security: computer and network security, risk management, international politics and ethics, law and big data analytics.

As business technologies become ever more sophisticated and complex, cyber criminals are upping their efforts to match. The foundation of the ACCS should shed more light on the prevalent risks and ultimately benefit industries across Australia.

As an extra measure, businesses can take advantage of information security training courses to ensure their IT team is equipped with the latest skills and knowledge to deflect such threats.

“The cyber threat facing our nation comes from a wide range of sources, including individuals, issue-motivated groups, criminal syndicates and state-based actors,” Mr Robert concluded.

“We are lucky to have this centre located at ADFA where our future leaders will have access to state-of-the-art research on this significant issue.”

Executives have wrong perception of cyber threats, survey finds

As the business world shifts and evolves at breakneck pace, organisations are constantly facing new sources of risk. Whether it's corruption, fraud or other forms of corporate crime such as cyber attacks, the board in particular needs to develop strategies to combat these emerging threats.

Cybercrime is one of the fastest growing risks to businesses today – but are executives around the world suitably concerned by it? As a recent global survey from EY found, the answer may be no.

According to the consulting firm's 13th Global Fraud Survey, entitled 'Overcoming compliance fatigue: reinforcing the commitment to ethical growth', many executives recognise that threats such as fraud, bribery and cybercrime are increasing around the world, but do not treat them as sources of concern. While the majority believed the emergence of cybercrime is on a "significant scale", barely half (48 per cent) said it represents "a very or fairly low risk to their business".

The survey involved in-depth interviews with almost 3,000 business leaders from 59 countries; around half (48 per cent) identified hackers as the biggest cybercrime concern. However, worryingly high proportions of executives do not appreciate the true extent of such threats and underestimate the risk presented.

Brian Loughman, EY Americas leader of fraud investigation and dispute services (FIDS), said that company boards simply need to assume a greater role in understanding the scale of these threats and suitably monitoring them.

"Cybercrime and other emerging threats are becoming more prevalent, and with the US Securities and Exchange Commission increasingly focusing on cyber risks as they relate to the integrity of financial statements, boards and audit committees need to be vigilant in monitoring these risks," he stated.

It is therefore essential that those at the head of an organisation appreciate that cybercrime is now a rampant business threat, and one that will only grow into the future. Taking steps such as offering information security training for staff is the best way to protect your business from these risks, today and tomorrow.

Dell highlights the high costs of IT security breaches

A recent survey from computing giant Dell has demonstrated the skyrocketing financial costs of IT security breaches – and pointed out that many organisations still aren't doing enough to protect themselves from this threat.

Earlier this year, Dell surveyed more than 1,400 IT decision makers around the world – including 60 in Australia – from organisations with at least 500 employees or end users. It revealed that although security breaches place a staggering cost burden of AUD$27.5 billion per year on US organisations alone, there is still a high proportion of firms around the world that aren't factoring in the IT security risks from "unknown threats".

This new wave of threats stems from the rapid rise of new business technologies, including mobility, bring your own device (BYOD) policies, cloud computing and increasingly prevalent internet usage. Threats are also coming from internal sources, both accidental and malicious.

While Dell found that almost three-quarters of global organisations said they suffered from a security breach within the last year, fewer than one in five said they consider predicting and detecting these risks a top priority for security. Of particular worry is the finding that only around a third (37 per cent) of respondents felt these unknown threats would be a major security concern over the next five years.

Despite this apparent apathy towards one of the biggest risks to business, it appears that organisations are at least recognising the importance of appropriately training staff to meet these challenges. In fact, the survey revealed that two-thirds (67 per cent) of respondents said they increased funds for information security training and education over the last 12 months, while half stated that "security training for both new and current employees is a priority".

As the risks and consequences of IT security breaches become more widely publicised through such studies, it is likely that companies will up their security investment – with accredited staff training likely to be one of the wisest steps to implement.

The growing threat of cybercrime in Australia

New research suggests that incidents of economic crime – including cybercrime – are on the rise in Australia, highlighting the need to invest in information security training for your IT team.

Consulting group PwC recently released the Australian edition of its '2014 Global Economic Crime Survey', which drew attention to the rising number of professional misdemeanours such as procurement fraud and cybercrime. Of particular concern was that criminals are increasingly using IT as an avenue through which to attack businesses.

And if figures published by PwC are to be believed, being the victim of a corporate cyber attack can be costly indeed.

In the 2014 edition of the survey, cybercrime was identified as the second biggest economic crime threat around the world, behind asset misappropriation in first place and ahead of procurement fraud. According to PwC, one in 10 organisations in Australia suffered losses of more than AUD$1 million from cybercrime within the last two years.

Almost half (43 per cent) of respondents said that if they were the victim of a cyber attack, the theft or loss of personally identifiable information would be their main concern.

The rise of economic crime, whether of a cyber nature or otherwise, does not appear to be abating any time soon. PwC revealed that well over half (57 per cent) of Australian businesses experienced economic crime at some point in the last 24 months – an increase from the 45 per cent recorded in the 2012 survey.

Richard Bergman, a partner at PwC, said it was encouraging to see the entire organisation – not just the IT department – taking cybercrime seriously.

"Cybercrime is not just an IT issue. Recent high profile data breaches such as the US Target breach have increased the level of awareness and concern among senior management and the board," he said.

"Information is valuable and attackers are determined to get it. Many of the attacks we've recently investigated have targeted merger and acquisition information, and what surprises many organisations is how long attackers are inside their networks before the attack occurs."

Big data driving a big push towards security

One of the most revolutionary trends to hit the IT sphere in recent times, big data is radically transforming the way organisations are handling their information. The use of powerful analytics tools simply means that no data set is too large, and the ability to quickly and accurately extract meaningful insights from large reams of data is no longer a pipe dream.

However, Gartner warns the explosion in big data analytics does raise a very important issue – namely, the importance of maintaining IT security in this large-scale data framework.

In anticipation of its Security & Risk Management Summit, the technology research firm warned that chief information security officers (CISOs) around the world need to ensure they have measures in place to protect data that is constantly "expanding in volume, variety and velocity". This is important to keep in mind because, according to Gartner, more than 80 per cent of organisations in 2016 are not expected to have consolidated data security policies in place.

Brian Lowans, principal research analyst at Gartner, said that the nature of big data sets – which are often broken up and dispersed across silos – is a major worry.

"The advent of big data and cloud storage environments is transforming the way in which data is stored, accessed and processed, and CISOs need to develop a data-centric security approach," he asserted.

"Unfortunately this is not common practice today, and its planning is critical to avoid uncoordinated data security policies and management."

Some of the potential consequences of failing to have stringent data security policies include noncompliance, security breaches and financial liabilities, Gartner stressed.

As a result, Mr Lowans said that collaboration across the organisation is going to be key, in addition to ensuring security staff take advantage of appropriate IT security training.

"Business stakeholders may not be accustomed to having strong relations with security teams, and CISOs will need to build partnerships with them to develop new management structures for data security accountability and to identify cross-functional training needs," he concluded.

Gartner: Digital workplace will bring new security implications

The modern workplace is evolving rapidly, with more businesses moving towards a 'consumerisation' of internal IT in order to cater to an increasingly tech-savvy workforce.

In fact, a new report from Gartner – entitled Prepare for the Security Implications of the Digital Workplace – predicts that 25 per cent of large businesses will have implemented a strategy specifically designed to 'consumerise' their corporate computing environments by the year 2018. 

While this shift is bringing a number of significant collaboration and productivity benefits, it is also leading to security implications that today's organisations and IT professionals need to be aware of.

"Employee digital literacy has led to a growing consumerisation movement within most enterprises, with employees using a wide variety of consumer-oriented apps for business purposes," explained Gartner vice president Tom Scholtz.

According to Mr Scholtz, this movement towards an increasingly digital workplace is seeing IT departments lose control over servers and business networks, as well as devices and applications that employees use day-to-day. 

"In a fully consumerised workplace, the information layer becomes the primary infrastructure focal point for security control. This reality necessitates a shift toward a more information-focused security strategy," he said.

Gartner has suggested that the best way for businesses to adapt their IT security policies in light of this change is to start showing greater trust in employees, casting out restrictive security controls in the process.

By taking a "people-centric approach" to IT security, organisations can encourage employees to take on individual accountability. 

Mr Scholtz has suggested that organisations look to combine comprehensive information security education programs with greater collaboration between employees and managers in order to maximise security performance. 

This suggestion is further evidence of the ever-changing nature of cybersecurity and the modern digital environment, and highlights the importance of continued training and education in this field.

Understanding evolving cybersecurity threats

Organisations need to take the initiative and defend themselves against the full scope of modern cybersecurity threats, or risk malicious parties having a direct impact on their business and reputation. 

That's the message of high-ranking US cybersecurity expert Michael S. Rogers, who recently sat down with Trish Regan of Bloomberg Television to address the evolving nature of cybercrime and IT governance.

According to Mr Rogers, the first step towards achieving greater cybersecurity is acknowledging that these threats exist. 

"When I look at the problem set, I'm struck by a couple things that I highlight with my business counterparts," said Mr Rogers, who serves as director of the National Security Agency and chief of the Central Security Service.

"Traditionally, we've largely been focused on attempts to prevent intrusions. I've increasingly come to the opinion that we must spend more time focused on detection."

Mr Rogers has emphasised that businesses and government agencies need to come together in order to combat modern cybersecurity threats, noting that this strategic partnership "is where we will become very powerful".

Although he was addressing a US-based audience, Mr Rogers' words have implications for Australian organisations and IT professionals as well.

The 2013 CERT Australia Cyber Crime and Security Survey has revealed that Australian organisations are seeing a significant increase in cyber security incidents per annum. As a result, they are showing a growing awareness regarding the dangers that modern cybersecurity threats can pose.

With cybercriminals and cybercrime rings becoming increasingly sophisticated and organised, we can expect this trend to continue in the near future. IT professionals should take note of this fact, and think about how qualifications in this critical area will benefit them moving forward. 

Expanding your skillset by undertaking further training in evolving fields such as IT governance and information security is a great way to improve your value to your organisation while also improving your ongoing employability.