by Paul Friend, MBA | ISO Lead Auditor | Feb 18, 2026 | Blog, Essential 8
The Australian Government Information Security Manual (ISM) is the foundational cybersecurity framework for protecting Australian government systems, applications, and data. The Australian Signals Directorate (ASD) publishes and maintains the ISM. It sets the information...
by Paul Friend, MBA | ISO Lead Auditor | Feb 17, 2026 | Blog
Managed Security Service Provider (MSSP) security services represent a strategic partnership with an outsourced, expert cybersecurity team. This goes beyond software; an MSSP provides 24/7 monitoring, advanced threat detection, and expert incident response, leveraging...
by Paul Friend, MBA | ISO Lead Auditor | Jan 15, 2026 | Blog, Penetration Testing
Summary: Web application penetration testing is one of the most important controls any organisation can apply to reduce real cyber risk. As web-facing applications, APIs, and microservices power more business outcomes, attackers increasingly target them to gain access...
by Paul Friend, MBA | ISO Lead Auditor | Jan 13, 2026 | Blog, ISO 27001
How long does ISO 27001 certification take? For Australian organisations, timelines typically range from three months to over twelve months from initial preparation through to certification issuance. The primary variables are organisational size, existing security...
by Paul Friend, MBA | ISO Lead Auditor | Jan 13, 2026 | Blog
Summary: Cybersecurity audits are no longer optional for Australian organisations. Boards, regulators, insurers, and customers now expect audits that validate not only documented controls, but also real control effectiveness across people, processes, and technology. At...