Director Cyber Security Dept. Finance
Services and Innovation NSW
2:20 PM PANEL DISCUSSION: Examining the Cloud as a Divergent Digital Landscape Instigating New Security Risks for Data
Government departments and agencies are trending towards aggregation critical systems. Unlike on premise data storage, the cloud produces a superior capacity, greater savings, convenience and increased data access flexibility. However, cloud services have created a systematic economic risk which requires reliance on vendors as a second party supply chain; reducing data control. Subsequently, a new environment requires new methods of defence.
- Exploring vendor inspection frameworks to ensure a trustworthy and secure cloud solution.
- Defining cyber security risk management and insurance as cloud service providers are not accountable for breaches.
- Exploring cloud innovation and encouraging staff to have a positive attitude and active training participation towards the cloud.
Security operations are independent to departments and agencies which inhibits a strengthened and connected cyber front. This roundtable will focus on:
- Aligning incentives more cooperatively across departments for more effective cyber security management.
- Assessing how to maximise the recently implemented and innovative Australian Cyber Security Centres.
1:20 PM CASE STUDY: Cyber Security and Governance: Questions Boards and Committees Should Ask About Cyber Security
Charlotte will provide an overview of the Office of the NSW Government Chief Information Security Officer (GCISO), which aims to provide ‘A cyber safe NSW: connected, protected and trusted.’ The Office of the GCISO takes an integrated approach to preventing and responding to cyber security threats across NSW safeguarding our information, assets, services and citizens. As the NSW Government leads the way on streamlined digital service delivery, we must also increase cyber resilience and invest to protect against cyber threats. Charlotte discusses that need for clarity of communication in regards to cyber security and the importance of asking questions to gain an understanding of cyber security risk. This will include:
- Creating greater transparency and engagement on cyber security risk.
- Assisting boards to ensure there is understanding and consistency with what needs to be asked of the cyber security team to mitigate risks.
- Identifying gaps in creating a cyber security governance framework to create a comprehensive risk management approach.