Your first ISO 27001 audit is a major step in your organisation’s information security journey. It is the point where your Information Security Management System (ISMS) is formally assessed by an external auditor to determine whether it meets the requirements of the...
Continuous penetration testing: close the gap between compliance and real security
Summary: Annual penetration tests and noisy scanners no longer cut it. To address these challenges, organisations are increasingly turning to continuous penetration testing. Horizon3.ai’s analysis of over 50,000 production pentests shows attackers are chaining...
Cybersecurity Companies in Australia: How ASD Guidance Defines Modern Best Practice
Summary: Australia’s cybersecurity industry has evolved rapidly in response to new regulations, increased attack frequency, and rising board-level accountability. In this environment, organisations are demanding proof that their cybersecurity partners operate to...
Exchange Server Security Best Practices for 2025: How to Protect Your Organisation
Summary: Microsoft Exchange remains at the core of many organisations’ communication systems, but its widespread use makes it a top target for cyber attackers. In October 2025, the NSA, CISA, ASD’s Australian Cyber Security Centre (ACSC), and the Canadian Cyber Centre...
Proton’s Data Breach Observatory: Driving Transparency in Cyber-Risk
Summary: Proton has recently launched its Data Breach Observatory, a publicly-facing, free platform that continuously monitors the dark web for data leaks and publishes them in near-real time. Key findings from Proton’s initial research: In 2025 (so far), Proton...
Cybersecurity Priorities for Australian Boards | ASD Guidance (2025–26)
Summary: Australia’s cyber threat environment has entered a new phase. The Australian Signals Directorate (ASD) and Australian Institute of Company Directors (AICD) have released Cyber Security Priorities for Boards in 2025–26, urging directors to take direct oversight...
ASD Cloud Security Guidelines: A Practical Playbook for Australian Organisations
Summary: Cloud can harden security and resilience when you implement it the ASD way. The Australian Signals Directorate sets out a practical path: assess the provider and its services, assess your own systems, make shared responsibilities explicit, then monitor...
What an Internal ISO 27001 Audit Entails
An internal ISO 27001 audit is one of the most important activities in maintaining an effective Information Security Management System (ISMS). It provides assurance that your organisation’s information security controls are working as intended, helps identify...
Incident Response | Guidance from ASD
Summary: Cyber incidents are no longer a “what-if”; they are a “when”. As the Australian Signals Directorate observes, malicious cyber activity against Australian national and economic interests is increasing in frequency, scale and sophistication. The right incident...
ISO 27001 Audit Cost Breakdown & Budget Planner
Budgeting for an ISO 27001 audit can feel like trying to predict the weather: many variables, a few surprises, and the risk of under-estimating key costs. But understanding the full cost structure and building in buffers lets you approach certification strategically...







