Technology for social justice
image description

News

Read the latest stories about how we’re using technology for good.

image description

This article originally appeared in Women in Security Magazine, March/April 2021. You can subscribe to the magazine for free at womeninsecuritymagazine.com.

 

The advice from local and international authorities for protecting ourselves and others from coronavirus (COVID-19) is all about washing or sanitising our hands, physical distancing, wearing masks, self isolation, quarantine, signing in at locations we visit, and cleaning our workplaces and other common areas.

The requirements to maintain security of data and IT systems in organisations are in some ways similar to these hygiene practices. The asset in each case: “data and human life”. We can draw parallels with how we have been guided to do our part to stop the spread of the coronavirus. Defence-in-depth equates to mask wearing, hand washing and the other practices listed above. Least privilege equates to leaving your home only for specific reasons when restrictions are in place, or isolating if you have symptoms. 

 

“It should come as no surprise that the hygiene practices we apply in the physical world have parallels in the digital world”

 

Security is not a state, but a process (Cyber Leadership, Mansur Hasib, p2) with risk management at its core. Organisations must assess their level of risk regularly in light of changes in internal and external factors that influence their security posture. Risk scenarios promote discussion around events that could compromise the security of an organisation. Standards and frameworks, such as ISO/IEC 27001 and NIST CSF, detail multiple security measures that can be applied to people, processes and technology.

Similarly, risk assessments have been performed in workplaces across Australia based on COVID-19 government advice, and COVID-Safe workplans have been developed and implemented to keep employees and customers safe.

For example, one measure to create a COVID-safe workplace is the requirement for visitors to a location to register their contact details so health authorities can conduct contact tracing, protect others and limit the spread of the virus. In the information security realm we maintain an inventory of our assets, in particular organisational data, to understand where it is and how it is protected, and create a baseline for security practices. 

A critical initial step to maintaining the confidentiality, integrity and availability of IT systems and information is to identify the key assets that require protection. To this end COBIT (Control Objectives for Information and Related Technologies), a framework for the governance and management of enterprise information and technology, may prove useful. COBIT is an IT management framework developed by ISACA to help businesses develop, organise and implement strategies around information management and governance.

COBIT references components of a governance system and can be used to understand how asset management, as a process, works in an organisation. Its application to specific practices within an organisation will, over time, increase the efficiency and effectiveness of those practices. 

An overview of the contribution of COBIT’s components to asset management is outlined here:

  • Principles, policies and procedures: documented information outlining practices and activities for managing technology assets and nformation.
  • Organisational structures: roles and responsibilities allocated to ownership and administration of assets.
  • Processes: business processes dependent upon and depended on by key assets.
  • Information: details recorded about assets that facilitate their lifecycle management.
  • Services, infrastructure and applications: asset management systems or repositories.
  • People, skills and competencies: staff awareness and training on asset management practices.
  • Culture, ethics and behaviour: information security is a part of the operational practices of the organisation.

By applying the COBIT framework an organisation should be able to: identify and understand the assets to which information security hygiene practices are applicable; perform risk assessments linked to those assets; apply protection measures using defence-indepth, least privilege and separation of duties.

As we move more of our lives and organisational activities into the digital world, the physical and virtual worlds begin to merge. So it should come as no surprise that the hygiene practices we apply in the physical world have parallels in the digital world.

In this guest post for International Women’s Day 2021, Infoxchange Group Director and award-winning social entrepreneur Amy Orange shines a light on the role of women’s leadership in the tech for good space.

A new Digital Transformation Hub will help Australian not-for-profits build digital capability and resilience for a post COVID-19 world. 

We're getting behind Safer Internet Day 2021 because we believe we all have a role to play in ending cybercrime, misinformation and hate speech.
 

In this post, we’re delighted to introduce you to PAG member and youth advocacy worker Tameika.

In our twelfth and final report in this series, we present the key emergent themes around how COVID-19 impacted the services searched for by vulnerable people in Australia on Ask Izzy.

We’ve broken down some of the latest data on how COVID-19 impacted searches for culturally and linguistically diverse, refugee and asylum seeker support services on Ask Izzy, in our eleventh of a series of 12 reports.

In the tenth of a series of 12 reports, we’ve broken down some of the latest data on how COVID-19 impacted the way people in Australia search for drug and alcohol support services on Ask Izzy.

How has COVID-19 affected searches for Aboriginal and Torres Strait Islander support services on Ask Izzy? Find out in our latest report.

In the eighth of a series of 12 reports, we’ve broken down some of the latest data on the way COVID-19 affected the way people in Australia searched for food assistance on Ask Izzy.

In the seventh of a series of 12 reports, we’ve broken down the latest data on how the COVID-19 lockdown impacted the way people in Australia searched for housing and homelessness support on Ask Izzy.

I’d like to know more