Navigating the PSPF 2024 Updates: Expert Insights with Kat McCrabb and Toby Amodio
November 20, 2024 · 21 min
Episode Summary

In this episode, Cole Cornford is joined by cybersecurity experts and IRAP assessors, Kat McCrabb and Toby Amodio, to unpack the latest updates to the Protective Security Policy Framework (PSPF) for 2024. They explore the significant changes introduced in the PSPF, such as the heightened emphasis on IRAP assessments, the potential strain on resources due to increased demand for assessors, and the impact on government agencies' compliance efforts. The discussion delves into the restructuring of the PSPF domains, including the separation of information and technology, and the challenges this presents for reporting and governance. They also address issues with self-attestation in agencies, insights from ANAO reports, and the critical importance of managing legacy IT systems. Kat and Toby offer valuable perspectives and practical advice for organisations navigating these new requirements, highlighting the need for proactive planning and adaptation in the evolving cybersecurity landscape.

Timestamps

01:27 - What is the PSPF? Toby explains the framework

03:07 - Kat discusses the biggest changes in the PSPF 2024 updates

04:20 - Challenges with IRAP assessments: time, cost, and limited assessors

06:18 - When are IRAP assessments required? Clarifications

08:13 - Changes in PSPF domains: splitting information and technology

10:08 - Implications of the changes for reporting and governance

12:15 - Comparison with NIST framework and governance considerations

13:38 - Issues with self-attestation and insights from ANAO reports

15:09 - Strategies for improving reporting and assessments in agencies

17:36 - Managing legacy IT systems under the new PSPF requirements

18:52 - Key takeaways and final thoughts from Kat and Toby
