Guest: Ivano Bongiovanni, General Manager / Sr Lecturer, AusCERT / UQ
On LinkedIn | https://www.linkedin.com/in/ivano-bongiovanni-cybersecurity-management/
At AU Cyber Con | https://melbourne2024.cyberconference.com.au/speakers/ivano-bongiovanni-ibtpp
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes
This AISA Cyber Con 2024 On Location podcast episode recorded in Melbourne spotlights critical discussions led by Ivano Bongiovanni, General Manager for AUSCERT and Senior Lecturer in Cybersecurity at the University of Queensland. The dialogue centers on pivotal issues shaping organizational approaches to cybersecurity, from decision-making factors to data governance and regulatory influences.
Bongiovanni discusses his research on decision-making in cybersecurity, conducted across six large organizations. By interviewing professionals at operational, tactical, and strategic levels, the study examines the multifaceted factors driving decisions, such as configuring security systems or choosing cyber insurance. The research identifies four primary influence levels: industry, organizational, team, and individual. Key drivers include regulations at the industry level, organizational culture, and access to collaborative professional forums. These insights aim to provide decision-makers with a reflective framework to ensure comprehensive and informed choices.
Another prominent focus is data governance. Bongiovanni emphasizes its role as both a foundation for robust cybersecurity and a potential avenue for organizational value creation. He highlights the challenges organizations face in mapping, managing, and securing their data. While traditionally viewed through a lens of loss prevention, he argues that effective data governance can unlock operational efficiencies and new business opportunities. This aligns with a broader industry shift to link cybersecurity investments to strategic value creation, rather than purely protective measures.
The episode also touches on evolving regulatory landscapes. Bongiovanni outlines the increasing scrutiny on board members and CISOs (Chief Information Security Officers) regarding cybersecurity accountability. While Australia is still catching up with global trends, parallels are drawn to the U.S., where regulations like the SEC’s proposed cyber disclosures link leadership liability to organizational cybersecurity practices. In Australia, existing duties of care under the Corporations Act are becoming focal points for regulatory expectations.
Information-sharing frameworks, such as ISACs (Information Sharing and Analysis Centers), also feature in the discussion. Bongiovanni underscores their importance in fostering collaboration, particularly in sectors like higher education and healthcare. He notes the ongoing cultural shift encouraging organizations to share threat intelligence securely, which is essential for collective resilience.
Through Bongiovanni’s contributions, this episode highlights both the challenges and opportunities in cybersecurity decision-making, emphasizing a nuanced understanding of regulatory, cultural, and technical dynamics.
____________________________
This Episode’s Sponsors
Threatlocker: https://itspm.ag/threatlocker-r974
____________________________
Resources
Future is now: Cautious reflections and bold predictions on cyber security in the years to come (Session): https://melbourne2024.cyberconference.com.au/sessions/session-FsEVnuge9u
How do we make decisions in cybersecurity? Operational, tactical, and strategic decision-making in the age of AI (Session): https://melbourne2024.cyberconference.com.au/sessions/session-BdOGZjahUe
The executive playbook: Elevate your cyber security through data governance (Workshop): https://melbourne2024.cyberconference.com.au/workshops/workshop-rxAAQPTLUJ
Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia
Be sure to share and subscribe!
____________________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast
Want to tell your Brand Story Briefing as part of our event coverage?
Learn More 👉 https://itspm.ag/evtcovbrf
Redefining Society and Technology Podcast