position
Top Stories
News
AusCERT wrap-up, day two: Attack vectors will multiply faster than defences
AusCERT 2012: Sense of Security demoes Android-based spy application
AusCERT 2012: Can Android ever be safe?
AusCERT 2012: “You can survive” a hacktivist attack: Tal Be’ery
How to start a business continuity program
Disaster recovery is a success just waiting to happen
AusCERT 2012: Australian quantum crypto firm plots NASA test deployment
AusCERT 2012: US Army Cyber Command has never seen a cyber attack
AUSCERT 2012 : Day 1: Wednesday 16th May RoundUp
AusCERT 2012 Day 1 : IDS too noisy, too demanding: Stratsec
AusCERT 2012 in pictures: Exhibitors at large
AusCERT 2012 Day 1 : Is security growing up at last?
Industries
AusCERT 2012 Day 1 : Is security growing up at last?
Security concerns over Australia’s e-health records
The FBI and the DOJ want you to report suspicious people and monitor social networks. Goodbye liberty
Eight tips to defend against online financial fraud threats
Is your definition of security holding you back?
Security experts ask House for light a regulatory touch
EU to stengthen its cybersecurity watchdog
Copyright lawsuit targets owners of non-secure wireless networks
Barclays launches internet banking in wake of Postbank cyberheist
Brain drain: Protecting your organization's IP
Patent trolls in our midst
How to protect online transactions
Data Protection
AusCERT 2012: Sense of Security demoes Android-based spy application
AusCERT 2012: Can Android ever be safe?
AusCERT 2012: “You can survive” a hacktivist attack: Tal Be’ery
AusCERT 2012: US Army Cyber Command has never seen a cyber attack
AUSCERT 2012 : Day 1: Wednesday 16th May RoundUp
AusCERT 2012 Day 1 : IDS too noisy, too demanding: Stratsec
AusCERT 2012 in pictures: Exhibitors at large
AusCERT 2012 Day 1 : Is security growing up at last?
Cyber-war debate moving too slowly: Bill Caelli
Virus hitting Aussie PCs disables ‘most’ AV software
10k Aussie PCs hit by Windows Ramnit botnet
After outcry, Adobe says it will patch CS5
Identity & Access
AusCERT 2012 Day 1 : IDS too noisy, too demanding: Stratsec
Adobe learns that security is a numbers game
Advanced Persistent Threats (APTs) — a Synopsis
Start-up Click Security debuts with threat-detection product
Attackers have all they need from leaky cellphone networks to track you down
The FBI and the DOJ want you to report suspicious people and monitor social networks. Goodbye liberty
Eight tips to defend against online financial fraud threats
Microsoft Security Essentials update blocks Google.com
Building an IDPS without big iron
How to get the IRS' attention: Forge nearly $8 million in tax returns, steal identities
Researchers crack satellite encryption
Brain drain: Protecting your organization's IP
Business Continuity
The in-depth guide to data destruction
Symantec releases faster next-gen NetBackup, Backup Exec software
Windows 8 can scrub data from disk, but not up to tough security specifications
How to implement a successful security and disaster recovery plan
Reloaded: Paying Lip Service to Incident Response
Security Manager's Journal: A rush to judgment on DLP deployment
Naming names in APT
USB sticks still being used insecurely, Ponemon study finds
BC/DR spending not a top budget priority
Review: Self-Encrypting External Hard Disk Drives
Security roundup: BlackBerry blows up; the 'dual-persona' mobile device?; more on the RSA hack
Survey finds dangerous gap in prevention
Physical Security
Security surveillance gets smarter
Exactly what is Homeland Security watching for on Facebook, Twitter, YouTube?
Researchers crack satellite encryption
Security Manager's Journal: Should physical security belong to us?
Carrier IQ security risks overblown?
Cyber-thieves using DDoS to distract banks and victims from spotting fraud
The typical fraudster - the threat from within.
Barack Obama’s security circus arrives in Oz: In Pictures
Lethal medical device hack taken to next level
Destroying data to protect against fraud
Ex-CIA boss "in awe" of Chinese hackers as RSA boss defends SecurID attack
Biometrics scares most people
Security Leadership
Information Security Awareness — why isn’t it working?
Cisco's John Stewart on the latest security threats … and what enterprises can do to fight back
Is your definition of security holding you back?
Security experts ask House for light a regulatory touch
EU to stengthen its cybersecurity watchdog
Data breach: Only 16 per cent self-identified
Kaspersky Lab CEO backs out of IPO plans
Security culture begins at the top
Black Swans for 2012 (and a good read)
Super-threats: The Six Steps You Need to Take to Protect Your Business
5 principles of selling security initiatives to executives
Murder retrial ordered after court records destroyed by virus
Career Training
Telstra seeks CISO to work with the Dept of Defence
Security Manager's Journal: A rush to judgment on DLP deployment
Techie seeks job by using malware, blackmail
Bruce Schneier awarded honorary degree from Westminster University
The CFO's role in the data breach war
Ethical hacking course offered by Coventry University
The Security Industry All-Stars
Where's the Steve Jobs of IT security?
ISMS Certification for Outsourced Service Providers
Awareness, awareness, awareness ... “stop eating dirt with dog sprinkles on it”
8 ways to become a cloud security expert
When ignorance isn’t bliss
Risk Management
Embedding risk culture
Embedding risk culture
The six pillars of security operations
Security Operations the Final Frontier – Part III
Reloaded: Paying Lip Service to Incident Response
VoIP hacking is phreaking expensive
How to have real risk management
Hybrid clouds the eventual reality for risk management
Got cyber insurance?
IT Audit Survey Exposes Weak Risk Assessment
How to create a risk register
Managing risk comes from communicating to the business: ISACA
Apple Security
Kaspersky kills flawed FlashBack removal tool
Does FlashBack really have 600k Macs?
Mac OS X tool sniffs out iOS contact-snoop apps
Security Manager's Journal: Hackers phone home -- on our dime
How does mobile device management (MDM) work?
Blogger exposes major Google Wallet security flaw
Mobile device management: Apple's extra little tricky requirement
Apple FileVault 2 encryption cracked by forensic software
Google to auto probe Android Market for malware
The week in security: A bitter bar of SOPA
How much new Mac malware arrived in 2011?
H1Siri Brings Siri to iPhone 4, But Is One Hack to Avoid
Open Source Security
Review : Clearswift SECURE Web Gateway 2.5
Google to auto probe Android Market for malware
Cnet de-trojans Nmap, but outrage continues
WatchGuard launches iOS-friendly security appliance
Hackers launch millions of Java exploits, says Microsoft
OpenPGP JavaScript implementation allows webmail encryption
Linuxfoundation.org, Linux.com down after security breach
Hack brings down Linux websites
Hack or no hack, the Linux kernel is well-protected
Security rundown for week ending Aug. 12
Super Glue website comes unstuck after Javascript attack
Mozilla retires Firefox 4 from security support
Opinions
Part 1:The business drivers and technology basics of two-factor or multi-factor authentication
Security complexity threatens enterprises
Security surveillance gets smarter
Embracing the Cloud – A Decision Framework
Safeguard security with gateway consolidation
Embedding risk culture
Penetration Testing — Achieving Better Outcomes
Information Security Awareness — why isn’t it working?
Crypto researcher Arjen Lenstra shares thoughts on paper blasting RSA cryptosystem
Trend Micro Develops Advanced Cloud-Based Mobile App Scanning Technology
The top three causes of security breaches: Part 1 of 2
Data centres need to lift their standards
IPv6
The week in security: New threats drive cloud-security evolution
IP voice security: are you susceptible or strong?
DDoS attackers start targeting IPv6 networks
IPv6 deployment starts at the network edge
IPv6: Dual-stack strategy starts at the perimeter
Hackers target IPv6
Boost in IPv6 use is only one step to solution
IPv6: Click, Clack, Front and Back
Will the sky fall if you don't deploy IPv6?
IPv6 boosts schools' on-net security
Companies shun, hide IPv6 rollouts due to security fears
Security stasis as NBN Co, Telstra consider how to move customers to IPv6
Featured Resources
Twitter Feed
-
Abigail_Swabey #auscert2012 winners of today's r2d2 draw are Eshan dissanayake and christoph from origin energy please collect your prize @CSO_Australia -
CSO_Australia #auscert2012 http://t.co/lyNjjr0c -
CSO_Australia #auscert2012 Rebecca Thompson: Doctor, I seem to have lost my medical identity. Can you prescribe a new one? http://t.co/5HLTkisQ
-
CSO_Australia #auscert2012 John Leisoboer: Real Cryptographers are Mathematicians, Beware of Everyone Else http://t.co/WXSwkNIA
-
Abigail_Swabey #AusCERT2012 at the watchguard stand just about to draw the winner for the ipad3 opposite the prince room quickly enter @CSO_Australia
Training
-
Cloud Computing Security Knowledge (CCSK) Plus
When: 17/05/2012 - 08/10/2012
The CCSK Plus training course enables the proactive management of the threats associates with Cloud Computing adoption
Whitepapers
-
Endpoint Buyers Guide
It takes more than antivirus to stop today’s advanced threats. Protecting corporate assets requires a complete ...
-
Protecting Generation Web
From data privacy to personal safety issues, cyber-bullying, inappropriate content and malware, schools are facing an ...
-
Six tips for choosing a unified threat management (UTM) solution
As network security grows more complex, businesses are demanding the simplicity of unified threat management (UTM). ...
Galleries
Latest Blog Posts
Vendor Blogs
Videos & Podcasts
-
Play video
Hackers around the world hack NASA data for good
-
Play video
Mobile Malware Development Continues To Rise, Android Leads the Way. Part Three
-
Play video
Mobile Malware Development Continues To Rise, Android Leads the Way. Part Two
-
Play video
Mobile Malware Development Continues To Rise, Android Leads the Way. Part One
CSO Corporate Partners
Get exclusive access to CSO, invitation only events, reports & analysis. Most Read
CSO Directory
Media Releases
-
BlackBerry 7 and 7.1 Operating Systems Approved for Use by Australian and New Zealand Governments
-
Matrox Launches Mura MPX Series 2.01 Driver for Enhanced Functionality and New Maximum Configurations of Flagship Video Wall Controller Boards
-
McAfee Aims to Protect Critical Infrastructure from Increased Attacks
-
Highly Collaborative Matrox Mura-Powered Video Wall to Display Military Simulation Prowess at ITEC 2012
-
Security Powerhouses McAfee and CloudShield Offer a New Sensor-based Approach to Detect and Defend Against Advanced Persistent Threats
Latest Jobs
- FTiPhone App DeveloperNSW
- CCAvaya Engineer - ERS 8600 4.1NSW
- FTSenior Citrix EngineerNSW
- FTSenior Network Engineer - Cisco / Nexus / UCS / - Routing / Switching / WirelessNSW
- FTSenior Network Field Engineer - Cisco R&S / Wireless SolutionsNSW
- FTASP.NET Developer (Digital)NSW
- CCSystem Engineer - Lync and Exchange - CONTRACTSWA
- FTTechnical Services Engineer - ShoreTel/MitelVIC
- FTChange Management ProfessionalsNSW
- FTSenior Network Field Engineer - Cisco R&S / Wireless SolutionsNSW
- FTiPhone App DeveloperNSW
- CCIT Project Co-ordinatorNSW
- FTiPhone Developer DeveloperNSW
- FTSenior Network Engineer - Cisco / Nexus / UCS / - Routing / Switching / WirelessNSW
- FTTechnical Consultant (VB.NET Developer)NSW
- FTSenior Citrix EngineerNSW
- CCSystem Engineer - Exchange - CONTRACTSWA
Solution Centers
Security Awareness Tip
Software security company www.clearswift.com gives some advice this holiday season to make sure employees don’t end up on Santa’s naughty list!
At a fundamental business level, social media is a useful additional tool for communicating and collaborating with customers, colleagues and new business prospects. From an HR point of view, the social web is not only useful for recruitment but also as a knowledge network. At an employee level, social media is changing the way we work: Employees increasingly expect to be able to access personal technology and services in the workplace. As the lines between work and home life blur, staff are looking for greater flexibility in their roles; working from home is an increasing trend, but so too is ‘home-ing from work’, where staff expect to be able to perform personal tasks at work.
But social media brings risk and reward to business in equal measure. Information security is a key concern: Many organisations view social media channels as yet another route along which sensitive data can escape from the business, whether accidentally or maliciously. On top of this, senior management may be concerned about the amount of time employees spend on social networks.
This cultural shift raises new questions about trust in the workplace, the balance of power in employer / employee relationship and levels of control over people and content.
Organisations using content and web security technology can manage the way their staff use email and the internet without having to resort to a default position of mistrust. With a whopping third of ANZ employers completely blocking social media access at work, there’s a real danger of throwing the benefits of collaboration out with the risks.
It doesn’t have to be that way.
Trust breeds responsibility: People underestimate the amount of company time they spend on personal browsing. Allow staff to view their own web usage and foster more responsible behaviour without undermining trust.
Know limits: Set clear limits on personal surfing and communicate them to users. Alert them when they are approaching their limit. Help your people to play by the rules.
Share the load: Spread responsibility for usage reporting among managers and department heads so everyone gets to see how their usage impacts on the rest of the organisation. This also gives managers greater control and visibility into usage.
Need to know: Yes, you need reports and visibility. What you don’t need is employee data becoming common knowledge. Access control means reporting can be adjusted on a need-to-know basis.
Security ABC Guides
7 Ways to Protect Your Business Printers
Can a hacker burn down your business by remotely setting one of your printers on fire? Researchers at Columbia University have recently proposed such a scenario, although HP quickly denied that it's possible. However, even if your printers can't be used as remote firestarters, there are many risks involved in networking a printer.
Market Place
