Articles
Field notes from the audit room.
Practical writing on information security, GRC and digital transformation — imported from Medium and republished here.
Read on MediumThe Essential Eight Is Getting a Reboot
Eight years is a long time in cybersecurity. ASD has confirmed the Essential Eight is being replaced — gradually — by a new principles-based Essentials series. Here's what's changing, what it means for IRAP and transformation roadmaps, and what to pre-empt now.
Read articleACSC ISM Roadmap (2025 → 2026)
High-level, minimal wording, easy to present March 2025 Focus: Restructure & Modernisation New ISM format released (section renumbering). Clean separation of principles, controls, guidance. Initial movement toward modern…
Read articleACSC ISM Roadmap & Alignment with NIST 800–53 Rev 2
In the ever-evolving landscape of cybersecurity, frameworks like the Australian Cyber Security Centre’s (ACSC) Information Security Manual (ISM) and the U.S. National Institute of Standards and Technology’s (NIST) Specia…
Read articleHOW ACSC ISM ROADMAP IS FOLLOWING NIST 800–52 REV 2
HOW ACSC ISM ROADMAP IS FOLLOWING NIST 800–52 REV 2 1. March 2025 ISM Update Key Changes (based on available context and trends): Strengthened Secure by Design principles, emphasizing secure software development and supp…
Read articleMeaningful and Cost-Effective — NOT FOR PROFIT WAY OF TECH & SECURITY
Meaningful and Cost-Effective — NOT FOR PROFIT WAY OF TECH & SECURITY Building a Secure and Scalable Software System for Not-for-Profits: A Structured Approach to ASD Essential 8, ISO 27001, and IRAP Compliance Introduct…
Read article