Cyber security compliance, explained
Plain English guides related to IRAP, Essential Eight, ISO 27001 and 42001, SOC 2 and vCISO.
Start here: the six framework guides
The pillar guide for each framework, the best place to begin.
Latest Guides
- The IRAP Documents You Need: What to Prepare Before an Assessment
  The documents an IRAP assessment runs on, from the System Security Plan annex to the SRMP, monitoring and incident response plans, and…
- IRAP for Defence: Do You Need It for DISP and Defence Contracts?
  IRAP is not a DISP requirement. DISP sets an Essential Eight Maturity Level 2 ICT baseline; IRAP assesses a specific system against…
- How Long Does an IRAP Assessment Take?
  ASD sets no fixed length for an IRAP assessment. A moderately complex system runs about 12 to 16 weeks once readiness is…
- vCISO Pricing Models: How Virtual CISO Services Are Priced
  How virtual CISO services are priced: the common retainer, tiered and day rate models, what drives the fee, and how Cybernion scopes…
- What Does a Virtual CISO Do? The Scope of the Role
  A virtual CISO owns the direction and accountability of your security programme, not the hands on build. Here is exactly what the…
- Virtual CISO for Startups and Scaleups: Do You Need One?
  Whether a startup or scaleup needs a virtual CISO, the real trigger, and when to move to a full time hire.
- vCISO vs an MSSP: What’s the Difference and Which Do You Need?
  A vCISO and an MSSP solve different problems. A virtual CISO owns your security strategy, risk decisions and board reporting. A Managed…
- What Is a Virtual CISO? An Australian Guide
  A virtual CISO is the CISO role engaged part time on a retainer. It carries full accountability for security strategy, risk and…
- When Do You Need a Virtual CISO?
  A virtual CISO is the right move when cyber security needs an accountable owner at management level and a full time CISO…
- vCISO vs a Full Time CISO: Which Does Your Business Need?
  A vCISO and a full time CISO are the same role at different capacity. When a part time retainer is enough, and…
- SOC 2 Readiness Checklist for Australian Companies
  What to prepare before a SOC 2 audit: scope the Trust Services Criteria, stand up the controls, and collect the evidence a…
- The SOC 2 Trust Services Criteria Explained
  The five SOC 2 Trust Services Criteria explained: Security, Availability, Processing Integrity, Confidentiality and Privacy, and which ones you actually need.