- Australian Cyber Security Magazine
The ASX 100 Cyber health check report: What’s next for your board?
By Michael Trovato GAICD, CISM, CISA

The Australian Stock Exchange (ASX) and Australian Securities and Investment Commission (ASIC) along with the “Big 4” accounting firms have released the ASX 100 Cyber Health Check Report (ASX Report) to establish a baseline in cyber security via a high-level “health check”. I commend the ASX and ASIC and the other participating companies for the leadership they have shown. Efforts like these are real accomplishments of cooperation and collaboration towards a common goal of a resilient ecosystem. Although the arc of progress described in the ASX Report might be tilted towards goodness, it is also clear that much more needs to be done. After reviewing it and reflecting, I would recommend:

1. Make sure the board has sufficient cyber security expertise or advisors;
2. Encourage your Chief Information Security Officer to build governance skills in finance, risk, strategy, legal, and compliance;
3. Use the results of the ASX Report for discussion at your next board meeting;
4. Commence or update your organisation’s detailed cyber security strategy and report on the security transformation program regularly;
5. Include cyber security as a quarterly agenda item, or more often as needed;
6. Measure your board’s performance in this critical area; and
7. Learn from peers on other boards.

Today, I want to focus on the first item. Most importantly, expertise at a board level comes from knowing the that, how, and why of cyber security and having the right practical experience. This implies having an experienced cyber security person on the board, on the audit and risk committee, or as an advisor. In the ASX Report, they made a clear effort to survey persons like this – but in some cases companies struggled to find a person to answer the questions, or they feared sharing details, since 24% of companies did not respond.

The ASX 100 Cyber Health Check Report, as a baseline

The ASX Report says that it “can act as a baseline where companies can see how they rate against their peers and can take practical steps to improve their cyber security.” I would
Published on Aug 15, 2017
The Australian Security Magazine is the country’s leading government and corporate security magazine. It is published bi-monthly and is dist...