My SME's journey to SMB1001 certification: Is cybersecurity certification worthwhile for your SME?

Thursday
 
28
 
November
2:40 pm
 - 
3:20 pm
Topic
Cyber Security Fundamentals for Board Directors / SME / NFP
Agenda
Sign in to add this session to your agenda
Add to My AgendaAdded to My Agenda
Location
Room 212
Theme
Leadership & Governance in Cyber Security

Speakers

Jodie Miners
Jodie Miners

Jodie Miners

Jodie Miners

Director
The Detail Department

Synopsis

As the director of a company providing services in the information security industry I'm always very conscious of walking the talk, and following the same best practice as my larger company peers. However, there is just not the possibility to buy tools to help with cybersecurity best practices, because they don't sell to companies as small as mine. My company is even too small for many MSSPs to look after my devices.

So often, we hear from experts in the cybersecurity industry that the minimum baseline is Essential Eight. However Essential Eight is not for everyone, and is completely daunting for companies that are cloud-first, and / or don't use Microsoft 365 which is fully controlled by a Microsoft security specialist, either in-house, or via an MSSP. So many aspects of Essential Eight are just not relevant to my business, or other Small to Medium Enterprises.

So when the CSCAU (Cyber Security Certification Australia) released SMB1001 it seemed like the best fit for my company. There are three levels (Bronze, Silver, and Gold) that are self assessed, and two that require an external auditor. The Bronze level has 6 controls and most businesses could pass that easily. The Gold level is where I wanted my business to be, at a minimum.

The talk will be about my journey to get to Gold Certification, the changes I had to make in my business, the difficult changes I needed to implement, and the help I needed to get there.

There will be an overview of the Standard, the Certification, and the tools to help achieve the certification.

I will compare the new Standard with the Small Business Cyber Security Guide from the Australian Cyber Security Centre (ACSC), and the Cyber Wardens program supported by the Council of Small Business Organisations Australia (COSBOA)

I will talk about the software tool that I used to help me though understanding and documenting each of the controls, but note that this is not required and you can follow the DIY model, but for me the tool was worth it.

Summing up with, in the end is it worth it? Do I feel more secure? Did it impact my Cybersecurity insurance? Do I need to go to the next level of external audit? Do I recommend other SMEs undertake this journey? What are the next steps for the participant to walk out of this talk, and get started on. 

Back to Program

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.

Acknowledgement of Country