Story image

Victorian Government welcomes the State's first CISO

10 Oct 17

The State of Victoria has its very first chief information security officer (CISO) under the Andrews Labor Government as it seeks to protect government services and information from cyber threats.

John O’Driscoll has taken up the CISO role and joins from his previous position as senior manager of Information and Technology Risk at ANZ. He has more than 20 years' experience in IT, cybersecurity in financial services and the public sector.

O’Driscoll will lead collaboration across all of Victoria’s government departments and agencies. He will also help to assess, monitor and respond to cybersecurity risks, in addition to engaging with Commonwealth and private sector experts to deliver a resilient and cohesive security environment.

According to Special Minister of State Gavin Jennings, O’Driscoll’s extensive experience in the field makes him ideal for the state’s first CISO.

“As organised crime and others become more sophisticated in hacking and disrupting digital services, it’s crucial government steps up to better protect our public services and information – John will help us do just that,” Jennings comments.

The state’s Labor Government released its Cyber Security Strategy in August, and part of its requirements was the appointment of a CISO.

The strategy also centralises cybersecurity initiatives across a ‘whole-of-government’ approach, rather than a siloed agency-by-agency approach. According to the government, this will better protect public services and information.

The Strategy aims to develop and implement cyber security capabilities to preserve and improve the:

- Protection of sensitive citizen and other data against loss, malicious alteration, and unauthorised use
- Resilience of government services, systems and infrastructure to cyber threats 
- Continuity of government during and following serious cyber incidents
- Protection and security of new digital services for citizens
- Coordination of our response to threats against infrastructure
- Security and viability of Victorian Government core infrastructure.

The Government is most concerned about cyber attacks not just by lone cyber hackers, but also political ‘hacktivists’ and state-sponsored attacks.

O’Driscoll will also lead a number of key actions from the Cyber Security Strategy. These include:

- Developing cyber emergency governance arrangements with Emergency Management Victoria, so that risks are better understood and planned for as part of ongoing work to protect government assets and services
- Strengthening partnerships across all levels of government and the private sector to share best practice, intelligence and insights
- Rationalising and better co-ordinating the procurement of proven cyber security services
- Developing a workforce plan to attract, develop and retain skilled cyber security public sector workers
- Presenting a quarterly cyber security briefing to the Victorian Secretaries Board and the State Crisis and Resilience Committee, so government is better informed of cyber security issues and assessments.

Symantec releases neural network-integrated USB scanning station
Symantec Industrial Control System Protection Neural helps defend against USB-borne cyber attacks on operational technology.
Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.
Gartner names LogRhythm leader in SIEM solutions
Security teams increasingly need end-to-end SIEM solutions with native options for host- and network-level monitoring.
Cylance makes APIs available in endpoint detection offering
Extensive APIs enable security teams to more efficiently view, enrich, and contextualise real-time intelligence collected at the endpoint to keep systems secure.
SolarWinds adds SDN monitoring support to network management portfolio
SolarWinds announced a broad refresh to its network management portfolio, as well as key enhancements to the Orion Platform. 
JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
Securing hotel technology to protect customer information
Network security risks increase exponentially as hotels look to incorporate newer technologies to support a range of IoT devices, including smart door locks.