[ I grizzle interminably about OAIC's failure to establish baseline security requirements, or even to offer useful data security guidance.
[ Is the guidance from ACSC, specifically relating to data held in the small-scale (consumer) cloud, any good, I wonder: https://www.cyber.gov.au/acsc/small-and-medium-businesses/small-business-cloud-security-guides [ I did some work on a specific aspect of this a few years back - the need for, and capability to actually arrange, backup and recovery. [ I ought to squeeze out some time to check the guidance out. [ I've just done one, very superficial check - a search for the strings 'recover' and 'restor'. [ Yes, it includes mentions, and a *little* in the way of guidance. https://www.cyber.gov.au/acsc/view-all-content/publications/technical-example-regular-backups Can Small Users Recover from the Cloud? (2017) http://www.rogerclarke.com/EC/PBAR-SP.html SaaS Backup Fails the Fitness for Purpose Test (2015) http://www.rogerclarke.com/EC/FPTB.html Practicable Backup Arrangements for Small Organisations and Individuals http://www.rogerclarke.com/EC/PBAR.html (2016) -------- Forwarded Message -------- Subject: ACSC releases Small Business Guides for Cloud Security Date: Fri, 16 Dec 2022 01:14:40 +0000 From: Australian Cyber Security Centre <[email protected]> Reply-To: Australian Cyber Security Centre <[email protected]> To: [email protected] High Alert - Act Quickly Friday 16 December Good morning, Cyber security incidents can affect any business, at any time. With the average cyber security incident costing over $39,000 for small businesses, organisations cannot afford to overlook investing in their cyber security. Investing in preventative measures is usually less expensive than responding to an incident, so it will help minimise the costs for impacted organisations. With the increased prevalence of cloud computing, the ACSC has created a series of 8 guides on securing cloud environments specific for small businesses. _*What are the Small Business Cloud Security Guides? *_ The Small Business Cloud Security Guides are designed to help businesses secure their systems and data and are accessible to organisations with limited resources and cyber security expertise. The ACSC’s Small Business Cloud Security Guides provide small businesses with advice on how to securely configure Microsoft 365 and Intune-managed endpoints. The guides will help small business strengthen their cyber posture and resilience. *_Where can I find the guides?_* You can access the Small Business Cloud Security Guides from cyber.gov.au https://www.cyber.gov.au/acsc/small-and-medium-businesses/small-business-cloud-security-guides. _*Which guide is best for my organisation? *_ To find out which guide is best for your organisation, refer to the ACSC Business Guidance Breakdown in the Small Business Cloud Security Guides – Introduction. Kind regards, ACSC -- Roger Clarke mailto:[email protected] T: +61 2 6288 6916 http://www.xamax.com.au http://www.rogerclarke.com Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Visiting Professor in the Faculty of Law University of N.S.W. Visiting Professor in Computer Science Australian National University _______________________________________________ Link mailing list [email protected] https://mailman.anu.edu.au/mailman/listinfo/link
