Insider Threat Insider threat is the misuse by a trusted person of privileged access to assets and operations. The trusted person’s actions may be unintentional or they may be intentional. In either instance the harm caused can be the same. Organisations make a choice to grant trust to a person when they decide to employ […]
Insider Threat: Australian lawyer charged with misconduct Read More »
The fire at Viva Energy’s Geelong refinery should be treated as more than an industrial incident. Initial media reporting points to equipment failure stemming from inadequate maintenance. There is, as of 17 April 2026, no public evidence of sabotage. But focusing on cause alone risks missing the broader point. For operators of critical infrastructure — and for
In March 2026, the Commonwealth Government published the Independent Review of the Security of Critical Infrastructure Act 2018. The intent of the Review, conducted by Dr Jill Slay between November 2025 and January 2026, was to assess whether Australia’s Security of Critical Infrastructure Act 2018 (SOCI Act) is achieving its intended objectives, functioning as intended,
Observing the absence of usual and the presence of unusual Introduction: The Illusion of Sudden Insider Risk Insider incidents are often described as unexpected. A data breach occurs. A policy is violated. Sensitive information is disclosed. The event appears sudden, and the question that follows is predictable: How did this happen? However, in most cases, the
Trusted Workforce: Why Behavioural Change Is the Earliest Warning Signal of Insider Risk Read More »
Organisations responsible for protecting government resources or critical infrastructure assets have, over time, built increasingly sophisticated security architectures. Policies are codified, controls are implemented, monitoring capabilities are expanded, and compliance frameworks are strengthened. These mechanisms are necessary, and in many cases, highly effective. They provide structure, consistency, and a defensible basis for managing security risk
The decision by the United States and Israel to attack Iran in February 2026 reportedly was a surprise to America’s allies (Israel excepted). Irrespective of the calamities the war may visit upon its intimate participants, the rest of us will suffer consequences from this war. The consequences are, superficially, restricted and more expensive oil and
In the national interest: War with Iran – energy shock, with Australia running on empty Read More »
Understanding how personnel risk develops over time Organisations responsible for protecting critical infrastructure invest significant effort in pre-employment screening. Background checks, security clearances, verification processes and role-suitability assessments help ensure that individuals entrusted with sensitive systems, operational technology or critical information demonstrate the integrity, judgement and reliability required for high-trust roles on which the organisation
Trusted Workforce: The Seven Risk Factors Behind Insider Vulnerability Read More »
Iran attacked – global consequences The military actions undertaken by the United States of America and Israel against Iran, commencing on 28 February 2026, which follow up their attacks on Iran’s nuclear program and air defence infrastructure over 13 – 24 June 2025, have irrevocably changed the political and military landscape of the Middle East.
Introduction Across Pentagram Advisory’s engagements with critical infrastructure entities nationwide, we have observed a persistent structural imbalance in how security risk is governed and resourced — one that warrants Board-level attention. Cyber security functions are comparatively established, well resourced, visible and structured. Yet outside cyber, responsibility for the security of critical infrastructure assets is generally
In today’s security environment, organisations that operate critical infrastructure cannot afford to treat workforce screening as a transactional HR activity. Workforce assurance is the structured, risk-based process of understanding, governing and continuously reviewing trust in people with access to critical assets, data and operations. It must be embedded as a long-term organisational capability. For many
