Episode Summary

In this episode, Cole Cornford is joined by cybersecurity experts and IRAP assessors, Kat McCrabb and Toby Amodio, to unpack the latest updates to the Protective Security Policy Framework (PSPF) for 2024. They explore the significant changes introduced in the PSPF, such as the heightened emphasis on IRAP assessments, the potential strain on resources due to increased demand for assessors, and the impact on government agencies' compliance efforts. The discussion delves into the restructuring of the PSPF domains, including the separation of information and technology, and the challenges this presents for reporting and governance. They also address issues with self-attestation in agencies, insights from ANAO reports, and the critical importance of managing legacy IT systems. Kat and Toby offer valuable perspectives and practical advice for organisations navigating these new requirements, highlighting the need for proactive planning and adaptation in the evolving cybersecurity landscape.

Timestamps

01:27 - What is the PSPF? Toby explains the framework

03:07 - Kat discusses the biggest changes in the PSPF 2024 updates

04:20 - Challenges with IRAP assessments: time, cost, and limited assessors

06:18 - When are IRAP assessments required? Clarifications

08:13 - Changes in PSPF domains: splitting information and technology

10:08 - Implications of the changes for reporting and governance

12:15 - Comparison with NIST framework and governance considerations

13:38 - Issues with self-attestation and insights from ANAO reports

15:09 - Strategies for improving reporting and assessments in agencies

17:36 - Managing legacy IT systems under the new PSPF requirements

18:52 - Key takeaways and final thoughts from Kat and Toby

Mentioned in this episode:

Call for Feedback

This podcast uses the following third-party services for analysis:

Podtrac - https://analytics.podtrac.com/privacy-policy-gdrp
Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/