Southern Cross Media engages CISO-as-a-service – Security

Southern Cross Media Group – owner of radio network brands Triple M and Hit – has taken over a “CISO-as-a-service” offering from Telstra Purple.

The company said today [pdf] that it appointed Telstra Purple in February this year “to provide an outsourced Chief Information Security Officer (CISO) service”.

“This agreement helps us strengthen our processes and controls to protect our systems and confidential data,” the company said.

“The CISO will continue to test and refine our systems and processes to ensure that SCA [the group] is above emerging cyber threats.

The company said Telstra Purple was also taking part in an “independent review” of the media group’s information security management system, which is described as “ongoing”.

“As part of the comprehensive review, several major work packages will be performed, including business impact analysis, information risk management framework, asset discovery, threat assessment, risk assessment and assessment of current controls,” the company said.

“This review will result in an updated information security risk register, comprehensive IT asset registers and a cybersecurity control gap assessment, which will inform the benchmarking of our cybersecurity controls and prioritize areas for future improvement and investment.”

Southern Cross Media Group was impacted by two data breaches involving third-party vendors in the past fiscal year.

The first incident involved his “preferred direct marketing platform” and resulted in “subscriber email addresses” being compromised.

The incident seemed enough to trigger a platform switch: the company said it had now “selected a replacement direct marketing platform, which will go live in the second half of 2022”.

The second incident, in January this year, saw “the personal details of a small number of Triple M club members” exposed via a third-party investigation link in an email.

Source link