Articles and opinion pieces

Building Assurance: A Framework for Risk-Based Supply Chain Mapping and Categorisation

A supply chain is only as strong as its weakest known link Australia’s critical infrastructure sectors depend on complex and interlinked supply chains that now sit at the centre of national resilience. This article describes an eight-step framework for risk-based supply chain mapping and categorisation aligned with theSecurity of Critical Infrastructure Act 2018 (SOCI Act) and its […]

Building Assurance: A Framework for Risk-Based Supply Chain Mapping and Categorisation Read More »

A creative depiction of eggs with facial expressions in a tray, symbolizing diversity.

Establishing a Critical Worker Identification and Risk Management Framework

Article / pentagramadvisory

The challenge of identifying critical workers Across Australia’s critical infrastructure sectors, one of the most persistent challenges in implementing the Security of Critical Infrastructure Act 2018 (SOCI) and its subordinate Rules has been identifying and managing critical workers – those individuals whose absence, compromise, or misconduct could disrupt essential services or cause significant harm to the operations of

Establishing a Critical Worker Identification and Risk Management Framework Read More »

In the National Interest: China’s Cognitive Warfare

Article / pentagramadvisory

Prologue “… what a fool believes, he sees …” The Doobie Brothers, 1978 The first week of September 2025 showcased the (current) high watermark of the Chinese Communist Party’s (CCP) cognitive warfare campaign against Western democratic nations. The 3 September 2025 China Victory Day Parade in Beijing, staged as the 80th celebration of the CCP’s claimed victory against

In the National Interest: China’s Cognitive Warfare Read More »

When Trust Breaks, Free Will Decides: How the Psychological Contract Shapes Insider Threat and Cyber Security Compliance

Article / pentagramadvisory

Despite years of investment in cyber security policies, controls and monitoring, insider threats remain one of the toughest risks to manage. Firewalls and detection tools can block opportunity, but they cannot eliminate people’s intent. At the heart of the issue is not just cyber security systems, but people. What drives employee behaviour is often nested in the psychological

When Trust Breaks, Free Will Decides: How the Psychological Contract Shapes Insider Threat and Cyber Security Compliance Read More »

wolf in sheep's clothing, wolf, sheep, sheepskin, wool, danger, threat, nature, animal, predator, carnivores, dangerous, fable, cracked, behind list, cunning, insidious, wolf, wolf, wolf, wolf, wolf, sheep, sheep

Countering Foreign Interference: Insider Threat Programs for Australia’s Critical Infrastructure

Article / pentagramadvisory

Foreign interference: an identified and recognised threat Australia’s intelligence and security community has delivered an unequivocal warning. In the 2024 Annual Threat Assessment, ASIO Director-General Mike Burgess stated that espionage and foreign interference sit at CERTAIN – the highest level on the scale. By 2025, ASIO assessed that hostile regimes were increasingly willing to disrupt or destroy critical infrastructure to impede

Countering Foreign Interference: Insider Threat Programs for Australia’s Critical Infrastructure Read More »

ESG and the Human Factor: Why personnel security must be a core feature of ESG strategy

Article / pentagramadvisory

Prologue Environmental, Social, and Governance (ESG) is now a decisive force in investment and corporate strategy. The Global Sustainable Investment Review 2022 reported that ESG investing has captured more than US$30 trillion in assets. Setting aside debates about ideology and contemporary drivers, ESG’s practical purpose is to balance risk and return in external investment choices, while

ESG and the Human Factor: Why personnel security must be a core feature of ESG strategy Read More »

Foreign Interference – Iran in Australia

Article / pentagramadvisory

In August 2025, the Australian Government announced it had evidence that the Iranian Government had directed violent criminal activities in Australia. The activities were cited as the attacks on two Jewish sites in Australia in 2024. In response to this evidence, the Australian Government expelled the Iranian ambassador and senior diplomatic staff, and will proscribe Iran’s Islamic

Foreign Interference – Iran in Australia Read More »

Foreign Interference: China interfering in Australia, and in your workplace

Article / pentagramadvisory

Prologue More instances of Chinese foreign interference in Australia were made public in August 2025. In this article, Pentagram Advisory (Pentagram) will recount these instances and discuss each case, reflecting on how foreign interference could affect colleagues in your workplace. It is important to understand that the actions of an adversary nation, such as China, can cause

Foreign Interference: China interfering in Australia, and in your workplace Read More »

Clorox-Cognizant Breach – Insider Threat in the Supply Chain

Article / pentagramadvisory

The Clorox–Cognizant breach shows how insider threat in the supply chain can cripple critical operations. Learn lessons for SOCI Act compliance and risk mitigation.

Clorox-Cognizant Breach – Insider Threat in the Supply Chain Read More »

CIRMP Turns Two: How to Strengthen the Annual Review, Board Engagement, and Enterprise Risk Integration

Article / pentagramadvisory

August 2025 marks the second anniversary of the Critical Infrastructure Risk Management Program (CIRMP) requirements under the Security of Critical Infrastructure Act 2018 (SOCI Act). Over the past two years, Australia’s critical infrastructure sectors have worked hard to embed CIRMPs as structured, proactive approaches to managing four key hazard vectors: cyber and information security, personnel, supply chain, and physical

CIRMP Turns Two: How to Strengthen the Annual Review, Board Engagement, and Enterprise Risk Integration Read More »

Thinking