In a previous article, I examined Australia’s proposed Security Legislation Amendment (Critical Infrastructure) Bill 2020. This information security overhaul imposes strict reporting requirements on enterprises and gives the Australian government unprecedented and far-reaching powers that enable it to intervene in the operation of an organization’s network in the event of a threat to critical infrastructure.

The intention of the bill is to help Australian businesses fend off cyberattacks. It is also an indictment – from the Australian government – of the willingness or ability of private enterprises to appropriately secure their networks as well as the capability of operators tasked with these duties.

It represents a flashpoint in the information security ecosystem, bringing to light the industry’s absence of workforce intelligence.

What Do You Mean, “Workforce Intelligence?”

The benefits of workforce intelligence for an organization are well-documented. It enables the establishment of succession plans, highlights leadership potential and interest, improves learning and development pathways, and fills vacancies with greater accuracy and speed. Unsurprisingly, workforce intelligence helps an organization to understand its workforce.

This bill introduces another element. It demands that an organization be capable of providing reasonable assurance to the government that its workforce is appropriately staffed and equipped to secure its network.

For several years, the public sector has been experimenting with and implementing assessment standardization practices. These ensure that the entities tasked with evaluating organizations are consistent and meet government thresholds. The purpose of this is to enhance the nation’s network security through a greater understanding of the cyber workforce. The Cybersecurity & Infrastructure Security Agency’s (CISA) Assessment Evaluation and Standardization (AES) program has paved the way for these changes and provides a roadmap that other nations will follow.

CISA’s AES is a federal government initiative that is training “assessors” nationwide to standardize the ...