- Job title of nominated professional: Telstra Security Operations Team
- Company (where nominated professional or team is working): Telstra Corporation
- Website: https://www.telstra.com.au/
- Company size (employees): 36,000 employees across the globe
In 3 bullets, summarize why this professional or team deserves recognition:
• The result of this project has seen 12 in-depth reviews by individual business units conducted across the entire business, and up to 200 recommendations were produced to strengthen Telstra’s cyber security measures. Using the Five Knows, the Telstra Security Operations Team conducted a thorough review of the entire Telstra business. This involved engaging over 100 employees from each of the 12 business units within Telstra, and many other stakeholders including contractors, support staff and third party partners, over a six-month period and resulted in up to 200 recommendations, of which all have been accepted and many have been implemented. The Team also conducted reviews of 30 of Telstra’s external partners that have access to Telstra’s customer or sensitive corporate or data. After the review, the Telstra Security Operations Team produced 12 reports that were then given back to each business unit to allow them to accept and manage the risks to drive actions and next steps.
• Telstra Security Operations Team has produced a framework that is driving unprecedented conversations on cyber security with senior executives within the Telstra business, and effectively mitigating potential security issues. However, this framework is not limited to Telstra and is being used by security teams throughout the world, within many different industries, to empower people inside their own organisations to take accountability in managing security risks.
• Through the development of The Five Knows of Cyber Security, Telstra is lifting the industry standard in terms of guiding and helping businesses navigate the complexities of the cyber threat landscape and is ultimately raising awareness of how cyber security should be viewed and addressed by the entire business, right up to the board level, not just the IT department.
In less than 300 words, summarize the achievements of the professional or team in the nominated category
Cyber-attacks are an escalating threat to today’s digital businesses and can accelerate at an unprecedented pace, with the potential to erode customers’ trust and ruin an organisation’s reputation overnight. When confronting this challenge, many businesses struggle to see cyber security as anything more than an IT issue and place their emphasis on technical solutions. But, as recent, high profile public breaches have demonstrated, they supersede being an IT problem and can impact every element of an organisation’s operations and negatively impact on the customer’s experience.
Even the most sophisticated of IT-focused measures can lose their effectiveness when staff operating in that organisation either lack awareness of simple, yet crucial, cyber-safety details or make human errors.
The Telstra Security Operations Team recognised a need to frame the complex problem of cyber security in a way that all staff can engage in; from senior executives, right through to on the ground staff. So they developed and introduced the Five Knows of Cyber Security – a simple guide designed to shift the focus of the cyber security discussion from one of technology, to a business-wide consideration.
The Five Knows of Cyber Security:
1. Know the value of your data
2. Know who has access to your data
3. Know where your data is
4. Know who is protecting your data
5. Know how well your data is protected
The Five Knows not only gained traction in Telstra by creating a greater understanding of cyber security risks with senior level executives within the business, but also in the wider security community. The Telstra Security Operations Team then collaborated with Telstra Risk and Compliance Teams and used the Five Knows as the backbone for an enterprise-wide program to manage the security risk in all business units within Telstra, including the CEOs office, over a six-month period.