AusCert, GovCert vie for technology space
- 25 July, 2005 12:00
- Comments
Roles and responsibilities in the Australian IT security landscape are in confusion following the formation of yet another official IT security organisation.
GovCert, the federal government's latest IT security progeny has created a national "computer emergency readiness team". Part of the critical infrastructure protection branch of the Attorney General's department, it will test existing incident response, harm minimisation, law enforcement and recovery arrangements for critical IT infrastructure.
However, just how or if the new organisation will work with self-funded IT security service provider, the Australian Computer Emergency Response Team (AusCert) remains unclear, with relations between the two security shops more cordial than friendly.
So far no one is saying whose idea it was to create a new organisation which uses the same base acronym but different words to an existing organisation.
Managing director of AusCert, Graham Ingram, said his organisation is still defining whether GovCert will have a relationship with AusCert, and on what terms.
"At this stage we are still talking to the commonwealth government about the relationship between AusCert and GovCert," Ingram said.
"There is a requirement for GovCert in the sense that critical issues will be addressed at government level, which AusCert is not well placed to do. "We have clear indications that the Commonwealth government is eager to support AusCert in its current role."
Asked if GovCert risked duplicating some of AusCert's functions, Ingram admitted his organisation was "not exactly popping champagne" over the new name - but denied relations were strained.
A statement provided to Computerworld by the Attorney General's Department, says GovCert will work with the Defence Signals Directorate (DSD), ASIO, the Australian Federal Police, the Protective Security Coordination Centre - as well as AusCert.
A spokesperson from the Attorney General's department said GovCert "is not an operational response agency, but one of planning and testing and will complement" both AusCert and the Defence Signals Directorate.
IDC security analyst Megan Dahlgren said AusCert's work in Australia is as important to Australia as the Standards Board, which provides minimum IT security standards.
"Everyone can benefit from the work of AusCert without paying for it its advice gives an organisation the ability to run and manage themselves," Dahlgren said.
Dahlgren added AusCert's cost recovery funding model was valuable because it provided a view independent of the commercial objectives of vendors.
AusCert member and IT solutions firm Melbourne IT says there is room for both government and industry-related emergency response or readiness teams.
Melbourne IT's CTO, Bruce Tonkin, said AusCert represents a local branch of an international security network.
"There is room for both AusCert - which is industry orientated - and GovCert which is government orientated and would exchange information with other governments on terrorist threats, which would use some of the vulnerabilities identified in postings from AusCert," Tonkins said.
Tonkin added the arrangement would work best if AusCert handled the "how" of IT security threat while GovCert pursued the "who".
Australia's IT securocracy
- AFP - Australian Federal Police
- AHTCC - Australian High Tech Crime Centre
- ASIO - Australian Security Intelligence Organisation
- AusCert - Australian Computer Emergency Response Team
- CIAC - Critical Infrastructure Advisory Council
- DIO - Defence Intelligence Organization
- DSD - Defence Signals Directorate
- DSTO - Defence Science and Technology Organisation
- EAG - Expert Advisory Group
- GovCert - Australian Government Computer Emergency Readiness Team
- IAAG - Infrastructure Assurance Advisory Groups
- ITSEAG - IT Security Advisory Group
- SETU - Science Engineering and Technology Unit for Counter-Terrorism
- TISN - Trusted Information Sharing Network
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Bookmark this page
- Share this article
- Got more on this story? Email CIO
- Follow CIO on twitter
-
BYOD security: How to protect your business on the move
-
Face Time - Interview with John Brennan and Robert DiStefano
-
Face Time - Interview with John Brennan and Robert DiStefano
-
IT service management going social
-
PC users admit to pirating software - $US63 billion worth of it
-
Enterprise Buyers Guide for Printers
Every enterprise owns, and regularly replaces, printers, copiers, multifunctional products and fax machines. The problem most face is not too few choices, but too many. How do you even begin to select the right one? Here is the Computerworld guide to buying a printer for the enterprise. -
Protecting Against the Leading Causes of Data Breach
This whitepaper was written for the organisation that wants to focus on prevention of data loss and doesn’t have millions to spend, but needs affordable solutions that can be implemented today to protect millions of sensitive records and dollars worth of intellectual property. This whitepaper addresses: - What organisations can do to prevent the four leading causes of data breaches - Why dedicated (pure-play) DLP solutions may not protect you from all four leading causes of data breaches - How to get prevent sensitive data leaving your organisation -
Optimised License Management for the Datacenter
Optimised license management is a necessity for all licenses owned by the enterprise. While organisations are starting to understand their license position for the desktop estate, the reality is that licensing in the datacenter presents a daunting set of challenges that require a robust, automated license management solution. Learn about how to address the unique license management requirements of all enterprise IT environments including the desktop and the datacenter.
-
Software Design
-
ALS Security+ Certification
-
Teach Yourself Visually Computers, 5th Edition
-
World of Warcraft Programming
-
Access 2000 VBA Handbook
-
Practical Risk Assessment for Project Management
-
Mastering Microsoft Exchange Server 2007 Sp1
-
Microsoft Sharepoint 2007 for Dummies
-
Business Intelligence for Dummies
Get exclusive access to Invitation only events CIO, reports & analysis. 
Comments
Post new comment