
Articles

A practical test for choosing the right cyber framework

In my last article, I looked at the growing confusion many Australian businesses are facing when it comes to cyber security standards. There is no shortage of guidance. Between ISO 27001, Essential Eight, the ISM, CIRMP, VPDSS, RACGP guidance, legal sector expectations and SMB1001, most businesses are not struggling because there is nothing available. They are struggling because there is too much to take in, and not enough plain-English advice on where to start. That is where

Why are there so many cyber security standards — and how is a business meant to keep up?

Over the last 12 months, I have spent a lot of time looking at different cyber security standards, frameworks and sector requirements. The more you look, the more one thing becomes obvious: Australian businesses are not short on guidance. They are drowning in it. There is ISO/IEC 27001, still one of the best-known information security management system standards. There is the ASD’s Essential Eight and the ASD’s Information Security Manual (ISM). There is CIRMP for critica
