Category: Risk Management & Compliance

Protective Security Policy Framework Release 2026: the changes that matter

PSPF Release 2026 took effect in July 2026. Agilient explains what has changed across the six security domains and what entities and suppliers must do.

The Essential Eight is being retired: what the Essentials series means for your organisation

ASD is retiring the Essential Eight and replacing it with the Essentials series. Agilient explains the change and what it means for your governance posture.

Where the Essential Eight Sits in Your Security and Governance Posture

An explainer on the Essential Eight, its maturity model, and where it fits within a broader security and governance posture alongside the PSPF and ISM.

The Security Risk Assessment Process: A Step-by-Step Guide for Australian Organisations

The security risk assessment process is a structured way to identify the security risks an organisation faces, analyse how serious each one is, and decide what to do about it, so that limited resources are directed at the risks that…

Security Audit Procedures: A Step-by-Step Guide for Australian Organisations

A step-by-step guide to security audit procedures for Australian organisations, from scoping to reporting, aligned to AS ISO 31000:2018 and the PSPF.

What a Security Risk Assessment Template Should Include

What a security risk assessment template should include, how it aligns to AS ISO 31000:2018, and how to use one without turning risk into a checklist.

Operational Resilience and the SOCI Act: Shifting to Adaptive Infrastructure Protection in 2026

Why Traditional Protection Models Fail Under Stress: Traditional critical infrastructure protection models were designed around known threats and static risk profiles. This historical approach is increasingly ineffective in today’s interconnected environment. As Dr Jill Slay AM noted in the landmark…

SOCI Act Compliance: A Leader’s Roadmap to Critical Infrastructure Resilience

Disclaimer: The information contained in this article is general in nature and does not constitute legal advice. Readers are encouraged to obtain legal advice that applies to their particular circumstances. Why SOCI Matters to Boards and Executives: For Australia’s infrastructure…

Security Compliance in Medicinal Cannabis: A Licence-to-Operate Requirement

Author: Mark Bezzina. Medicinal cannabis is regulated as a Schedule 8 controlled drug in Australia, placing it under heightened scrutiny from multiple regulators. Security compliance is not an operational afterthought; it is a core requirement for licensing, ongoing approvals and…

When Should Your Organisation Engage A Security Consultant?

A strong security strategy is critical for any organisation that seeks to safeguard their assets, systems and people. But when is it time to engage a security consultant, rather than running it in-house? Expertise and Knowledge: Security consultants possess specialised…

Does Your Business Need To Undertake A Security Audit?

When a company conducts a security audit, it typically involves a thorough evaluation of the business’s information systems, policies and procedures, in order to identify potential security vulnerabilities and risks. The following are some of the key steps involved in…

Security Legislation Amendment 2022 to Critical Infrastructure

Australia has been facing an increase in cyber security threats to essential services, businesses, and all levels of governments. In recent years we have seen cyber-attacks on federal Parliamentary networks, logistics, the medical sector and universities. While owners and operators…

Risk Management and Cybersecurity Obligations for Critical Infrastructure

The Security Legislation Amendment (Critical Infrastructure) Act 2021 was submitted and enacted on 2 December 2021, and a new set of amendments will be submitted in early 2022, to form a second Bill. A draft version of the Bill discusses…

Amendment to Security Legislation – Bill 2021

Recently, the Security of Critical Infrastructure Act 2018 was amended in the House of Representatives. This article will discuss and explain the Security Legislation Amendment (Critical Infrastructure) Bill 2021 which was passed and came into effect on the 2nd December…

Australia’s Critical Infrastructure Law Reform

Last month, Australia’s ongoing law reform aimed at protecting critical infrastructure assets and systems of national significance took a major step towards achieving Australia’s Cyber Security Strategy 2020, The Exposure Draft of the Security Legislation Amendment (Critical Infrastructure) Bill 2020…

Concern For Cybersecurity Across Government Agencies

“The baseline adoption of the Essential Eight across the Australian Government still requires further improvement to meet the rapidly-evolving cyber security threat environment”. The Commonwealth Cyber Security Posture in 2019 – Report to Parliament, March 2020 itNews recently reported that…

Implementation of PSD2 Measures for Credit Card Payment Operators

The EU Payment Services Directive enforcement is gaining momentum across the European Economic Area (EU states plus Iceland, Norway and Liechtenstein) to implement Strong Customer Authentication (SCA) for card-not-present transactions via credit card payment operators. This was legislated as of…

BlueKeep Flaw Still Affecting Outdated Medical Equipment

Early last year, a vulnerability now known as BlueKeep (CVE-2019-0708) was published that affected Microsoft Windows Remote Desktop Services. It could be exploited via Remote Desktop Protocol (RDP), and had the potential to allow an attacker to execute arbitrary code…

Understanding the Importance of Water Security in Australia and Globally

Australians live on the driest inhabited continent on Earth. With around 70% of the country’s landmass defined as arid or semi-arid and a highly variable water cycle, it’s no wonder that since the 1860s Australia has experienced at least nine…

Understanding and Detecting the Malicious Insider

These days, most people you meet will be well aware of the prevalence of typical threats such as hacking, malware, social engineering and more. But what about the attacks that occur from the inside? More specifically, the threat posed by…