#policy
24 stories taggedpolicy.

From Unusual Path to the Top: What Tarah Wheeler's Career Tells Us About Who Gets to Lead in Cybersecurity
Tarah Wheeler is now a chief security officer at a firm that advises some of the highest-stakes organisations in the world. Her route there looked nothing like the standard playbook.

Why Cybersecurity Teams Are Starting to Speak the Language of Business
Security programmes built around technical checklists often fail to show executives what is actually at risk. A growing push asks teams to tie every control directly to business outcomes.

Tasmania Becomes Last Australian State to Outlaw Non-Consensual Sharing of Intimate Images
After years of victims being turned away by police with no clear law to apply, Tasmania's government has announced it will criminalise the sharing — or threatening to share — intimate images without consent, including AI-generated fakes.

Australia Raises Alarm Over AI Scribes Listening In on Doctor Visits
Federal health officials are warning that AI tools recording patient conversations in GP clinics may pose serious privacy risks — and regulators are now weighing whether new rules are needed.

Five Eyes spy chiefs warn AI is shrinking the window to stop cyberattacks — and boards need to act now
The heads of five Western cybersecurity agencies say artificial intelligence is already changing how fast criminals can strike. Waiting is no longer an option, they say — and the warning is aimed squarely at company boards, not IT teams.

American Tech Is Quietly Powering the Global Scam Machine
A joint investigation by AP and FRONTLINE found that tools built by US companies are helping criminals run fraud operations at industrial scale — and most victims never see it coming.

Australians Are Safer Online Than Last Year — Unless They Run a Small Business
A new government survey found cybercrime fell across Australia in 2025, but small business owners are facing more legal and staffing fallout than ever before.

Chris Inglis on the Snowden Era: What NSA Got Wrong, and What CISOs Should Still Be Asking
The former NSA Deputy Director reflects on institutional failures, insider threat detection, and why 'enculturation' may matter more than access controls.

Citizen Lab: Cellebrite UFED Used on Pivovarov iPhone Three Months After Russia Sales Halt
Forensic traces and a Russian court filing place a UFED extraction on the activist's device in June 2021, raising hard questions about post-sale controls on dual-use forensic kit.

Compliance Theatre Has a Reckoning Coming. FedRAMP 20x Is the Opening Act.
Most SOC 2 and ISO 27001 reports audit a curated version of history, not operational reality. A federal cloud-security overhaul is forcing the question nobody wanted to answer: does passing audits actually mean anything?

RSnake's Case for a CISO Code of Ethics
Robert Hansen argues that kickbacks, no-show jobs, and shelfware deals aren't just embarrassing — they're a national security problem.

When Legacy Infrastructure Becomes the Soft Underbelly of Your AI Agent Stack
Governance frameworks like NIST AI RMF and the EU AI Act assume the pipes under the model are secure. They often aren't.

Macron Pushes Wealthy Democracies Toward a Unified AI Regulatory Front
The French president wants the G7 crowd to stop freelancing on AI governance and start coordinating. Whether that translates into anything enforceable is a different question entirely.

Feds Pull the Plug on CFAKE and SOCFAKE in First TAKE IT DOWN Act Domain Grab
DOJ seizes two deepfake nude sites that pulled tens of millions of visits a month, marking the first public test of the new federal statute.

Voluntary AI Security Rules: The Industry Already Knows What That Means
Trump's AI cybersecurity executive order drew polite applause from vendors and quiet skepticism from practitioners. The gap between those two reactions is where the real story lives.