Articles

Field notes from the audit room.

Practical writing on information security, GRC and digital transformation — imported from Medium and republished here.

Read on Medium
Article14 July 2026

The Essential Eight Is Getting a Reboot

Eight years is a long time in cybersecurity. ASD has confirmed the Essential Eight is being replaced — gradually — by a new principles-based Essentials series. Here's what's changing, what it means for IRAP and transformation roadmaps, and what to pre-empt now.

Read article
Article8 Dec 2025

ACSC ISM Roadmap (2025 → 2026)

High-level, minimal wording, easy to present March 2025 Focus: Restructure & Modernisation New ISM format released (section renumbering). Clean separation of principles, controls, guidance. Initial movement toward modern…

Read article
Article11 Sept 2025

ACSC ISM Roadmap & Alignment with NIST 800–53 Rev 2

In the ever-evolving landscape of cybersecurity, frameworks like the Australian Cyber Security Centre’s (ACSC) Information Security Manual (ISM) and the U.S. National Institute of Standards and Technology’s (NIST) Specia…

Read article
Article10 Sept 2025

HOW ACSC ISM ROADMAP IS FOLLOWING NIST 800–52 REV 2

HOW ACSC ISM ROADMAP IS FOLLOWING NIST 800–52 REV 2 1. March 2025 ISM Update Key Changes (based on available context and trends): Strengthened Secure by Design principles, emphasizing secure software development and supp…

Read article
Article14 Mar 2025

Meaningful and Cost-Effective — NOT FOR PROFIT WAY OF TECH & SECURITY

Meaningful and Cost-Effective — NOT FOR PROFIT WAY OF TECH & SECURITY Building a Secure and Scalable Software System for Not-for-Profits: A Structured Approach to ASD Essential 8, ISO 27001, and IRAP Compliance Introduct…

Read article