You are here

Cybersecurity Activities Update

NAUDIT Cybersecurity Community of Practice

The second NAUDIT Cybersecurity CoP meeting was held at Western Sydney University on 9th November and a call for the NAUDIT Cybersecurity CoP Chair will be issued shortly, with several members already expressing an interest in this role.  The next meeting will be in February 2019 at the Sydney JCSC.  If you are in a security role in a NSW/ACT CAUDIT member organisation and would like more information on the group please feel free to contact CAUDIT Cybersecurity CoP Chair Tim Lane tim.lane@griffith.edu.au

WAUDIT Cybersecurity Community of Practice

As part of the plan to establish a federated model of Cybersecurity Communitues of Practice based on a national and state structure, the next CoP will be established in Western Australia, aiming for Q1 2019.

CAUDIT Cybersecurity Benchmarking Initiative

The CAUDIT Cybersecurity Benchmarking initiative is in its final stages, with a recommended set of benchmarking questions being consolidated ready to provide to CAUDIT by the end of 2018for review.  Acknowledgement and thanks goes to the CAUDIT CoP working party lead by Marc Blum from the University of Queensland for persevering with this initiative which has been both valuable and challenging.

AARNet Security Operations Centre (SOC) Workshops

As part of AARNet’s national roadshow of engagement with its shareholders (Australian university members plus CSIRO) regarding potential for a SOC offering, the CAUDIT Cybersecurity CoP Chair has coordinated with AARNet to facilitate a QUDIT CoP based requirements workshop as well as encouraging NAUDIT CoP members to be involved in contributing towards the November AARNet SOC requirements workshop.

CAUDIT Cybersecurity Initiative – Cybersecurity as a Service (CaaS) Working Party

The CAUDIT Cybersecurity CoP Chair as well as another CoP volunteer will be participating in a small working group to further identify requirements and deliverables as part of a proposed CaaS offering from CAUDIT which would collectively benefit all members.  Further information on this Initiative can be directed to CAUDIT CEO Anne Kealley on anne.keally@caudit.edu.au .  Anne is engaging with AusCERT, AARNet and the AAF to ensure a cohesive proposal is developed.

CAUDIT Cybersecurity Awareness and Training Initiative

The CAUDIT Cybersecurity Awareness and Training initiative has now been completed with CAUDIT providing an innovative solution to attract vendor offerings via an ‘Open and Ongoing Tender’ offer.  This is open for vendors who specialise in CBT based Awareness and Training, Phishing and other professional services related to cyber security awareness and training. So far in the first week we have already had six vendors who have submitted an offering for review and these will be evaluated by the end of November and published on the CAUDIT website following the evaluation.

The benefit of this approach for members is that vendor offerings that specialise in cyber security awareness and training will be received, evaluated and listed on the CAUDIT web site, with discounted pricing for members in one or more of the three identified areas (CBT, Phishing Simulation and Professional Services).  This will save a significant amount of ground work for members who will be able to directly contact the shortlisted vendors for these specific services.

Acknowledgement and thanks goes to the CAUDIT CoP working party led by Stephanie James from the Australian Catholic University who have worked for several months to go through a rigorous process of evaluation of options and identification of this solution as being highly beneficial to members.

Details of new procurement offerings can be accessed on the CAUDIT website under https://www.caudit.edu.au/new-procurement-deals

New CAUDIT Cybersecurity Procurement Deals

With a continued focus on improving Cybersecurity related Procurement offerings for members, the A/CAUDIT Procurement Manager and the Cybersecurity CoP Chair have been working with a number of vendors on securing additional price effective and quality offerings.

Recently, in addition to Cofense Phishing and Tenable.IO vulnerability management (both extremely good deals), CAUDIT has added YellIT and Alcorn Group for penetration testing (both groups also provide a wide range of other cyber security consultancy services).

YellIT and Alcorn Group have very competitive pricing for pen testing and also will add in one free day of consultancy on any topic you like with every 10 days of service ordered (in addition YellIT includes a post remediation re-test as part of any pen test).

Details of procurement offerings can be accessed on the CAUDIT website under Procurement.  These services can be provided to all CAUDIT members regardless of location.

ASIO Cyber Security Briefing

The Cybersecurity CoP Chair Tim Lane recently attended an ASIO briefing in Canberra headquarters on cybersecurity specific to the Australian High Education and Research sector.  It was noted that the Australian Higher Education and Research sector is increasingly being targeted by both traditional and non-traditional actors.  The activities and impacts associated with cyber espionage and foreign interference, as well as the various roles that the Department of Defence agencies such as ACSC, ASD, ASIO etc. undertook in cybersecurity was discussed.  It is more essential than ever that all CAUDIT members actively and ongoingly focus on their institution’s cyber security resiliency capability and strategic framework for managing cybersecurity.  This also strengthens the case for the CAUDIT Cybersecurity Initiative.