<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	
	>
<channel>
	<title>
	Comments on: CIA offers information security plan to Australian CIOs	</title>
	<atom:link href="https://istart.com.au/news-items/cia-offers-information-security-plan-australian-cios/feed/" rel="self" type="application/rss+xml" />
	<link>https://istart.com.au/news-items/cia-offers-information-security-plan-australian-cios/</link>
	<description>iStart keeping business informed on technology</description>
	<lastBuildDate>
	Mon, 15 Jun 2026 23:46:54 +0000	</lastBuildDate>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	
			<item>
				<title>
				By: Andrew Bycroft				</title>
				<link>https://istart.com.au/news-items/cia-offers-information-security-plan-australian-cios/#comment-23321</link>
		<dc:creator><![CDATA[Andrew Bycroft]]></dc:creator>
		<pubDate>Tue, 13 Sep 2016 23:31:50 +0000</pubDate>
		<guid isPermaLink="false">https://istart.com.au/?post_type=news-items&#038;p=17435#comment-23321</guid>
					<description><![CDATA[Personally, I don&#039;t think we should be promoting &quot;security&quot;. Security has connotations of prevention, and prevention is not always possible. In fact this is one of the reasons the cyber security industry is in a mess today. It has invested all of its efforts in prevention, and when that fails, detection, response and recovery are ill-conceived and bungled, costing either taxpayers (for government cyber breaches) or shareholders (for private sector cyber breaches) money.

I think we should be promoting &quot;resilience&quot;, which is the ability to have four shots at reducing cyber risk through:

1. discovery and remediation of vulnerabilities; 
2. prediction and prevention of threats;
3. detection of, and response to, attacks; and
4. confirmation and recovery from breaches

Mindset and the cultural shift that will follow is what the plan needs to revolve around.]]></description>
		<content:encoded><![CDATA[<p>Personally, I don&#8217;t think we should be promoting &#8220;security&#8221;. Security has connotations of prevention, and prevention is not always possible. In fact this is one of the reasons the cyber security industry is in a mess today. It has invested all of its efforts in prevention, and when that fails, detection, response and recovery are ill-conceived and bungled, costing either taxpayers (for government cyber breaches) or shareholders (for private sector cyber breaches) money.</p>
<p>I think we should be promoting &#8220;resilience&#8221;, which is the ability to have four shots at reducing cyber risk through:</p>
<p>1. discovery and remediation of vulnerabilities;<br />
2. prediction and prevention of threats;<br />
3. detection of, and response to, attacks; and<br />
4. confirmation and recovery from breaches</p>
<p>Mindset and the cultural shift that will follow is what the plan needs to revolve around.</p>
]]></content:encoded>
						</item>
			</channel>
</rss>
