Story image

Victorian Government welcomes the State's first CISO

10 Oct 17

The State of Victoria has its very first chief information security officer (CISO) under the Andrews Labor Government as it seeks to protect government services and information from cyber threats.

John O’Driscoll has taken up the CISO role and joins from his previous position as senior manager of Information and Technology Risk at ANZ. He has more than 20 years' experience in IT, cybersecurity in financial services and the public sector.

O’Driscoll will lead collaboration across all of Victoria’s government departments and agencies. He will also help to assess, monitor and respond to cybersecurity risks, in addition to engaging with Commonwealth and private sector experts to deliver a resilient and cohesive security environment.

According to Special Minister of State Gavin Jennings, O’Driscoll’s extensive experience in the field makes him ideal for the state’s first CISO.

“As organised crime and others become more sophisticated in hacking and disrupting digital services, it’s crucial government steps up to better protect our public services and information – John will help us do just that,” Jennings comments.

The state’s Labor Government released its Cyber Security Strategy in August, and part of its requirements was the appointment of a CISO.

The strategy also centralises cybersecurity initiatives across a ‘whole-of-government’ approach, rather than a siloed agency-by-agency approach. According to the government, this will better protect public services and information.

The Strategy aims to develop and implement cyber security capabilities to preserve and improve the:

- Protection of sensitive citizen and other data against loss, malicious alteration, and unauthorised use
- Resilience of government services, systems and infrastructure to cyber threats 
- Continuity of government during and following serious cyber incidents
- Protection and security of new digital services for citizens
- Coordination of our response to threats against infrastructure
- Security and viability of Victorian Government core infrastructure.

The Government is most concerned about cyber attacks not just by lone cyber hackers, but also political ‘hacktivists’ and state-sponsored attacks.

O’Driscoll will also lead a number of key actions from the Cyber Security Strategy. These include:

- Developing cyber emergency governance arrangements with Emergency Management Victoria, so that risks are better understood and planned for as part of ongoing work to protect government assets and services
- Strengthening partnerships across all levels of government and the private sector to share best practice, intelligence and insights
- Rationalising and better co-ordinating the procurement of proven cyber security services
- Developing a workforce plan to attract, develop and retain skilled cyber security public sector workers
- Presenting a quarterly cyber security briefing to the Victorian Secretaries Board and the State Crisis and Resilience Committee, so government is better informed of cyber security issues and assessments.

How healthcare can prepare for My Health Record roll-out - Proofpoint
Australia’s healthcare sector is the continent’s biggest cybercrime target, according to a July report from the Australian Information Commissioner.
How DEX aims to guide process-enabled automation strategies
"Although automation is gaining a lot of momentum, there are many instances where early adopters have failed to achieve their business transformation and ROI goals."
Penten & Cyber Security CRC to research 'advanced cyber traps'
The research centres on how advanced cyber traps, which are used to identify data breaches as they happen, can be used in conjunction with tools such as artificial intelligence.
Achieving cyber resilience in the telco industry - Accenture
Whether hackers are motivated by greed, or a curiosity to assess a telco’s weaknesses; the interconnected nature of the industry places it in a position of increased threat
The CISO view on DevOps: How to protect privileged access in the cloud
While security strategies should address privileged access and the risk of unsecured secrets and credentials, they should also closely align with DevOps culture and methods.
Nasuni receives AWS competency status for primary storage
The recognition certifies that Nasuni Cloud File Services meet AWS's strict technical proficiency requirements for primary storage.
How mass data fragmentation impacts business growth and compliance readiness
"About 44% of Australian businesses use six or more solutions to try to manage fragmented data sources and repositories."
LogicMonitor launches container monitoring solutions
Kubernetes monitoring and LM Service Insight provide performance analytics and data retention for microservices and containerised applications.