News
Microsoft launches security bounty programs for Windows 8.1 and IE 11 Preview
Apple end-to-end encryption far from bulletproof
Java 7 Update 25 fixes 40 security issues, turns on certificate revocation checking
Statistics reaffirm breach threat, but executive inaction still impeding security: Black Swan
Apple pours OS X Snow Leopard another Java fix
With faster 5G Wi-Fi coming, Wi-Fi Alliance kicks off certification program
Google asks to make surveillance orders public, citing First Amendment
Expanded '2-person rule' could help plug NSA leaks
Think like an attacker -- not a consultant
SMBs having problems with backup, recovery: study
US officials: Surveillance programs helped stop 50 terrorist plots
10 scary facts about Bitcoin
Industries
If governments clarify security expectations, vendors will follow: Huawei
AusCERT 2013: Deploying BYOD in a government environment
AusCERT 2013: Interview with Dr Lizzie Coles-Kemp
AusCERT organisation celebrates 20 years
AusCERT 2013: Police urge banks to install ATM chip technology
AusCERT 2013: Big data skills help beat the bad guys, says HP
The Ins and Outs of Cloud and Outsourcing
Australian Information Security Association issues blunt warning as National Cyber Security Awareness Week begins
Despite $1.46b furphy, 2013-14 Budget offers slim pickings for cyber security
SCADA security and understanding the risk impacts
Cyber Security and the CIO Challenge
Trend Micro's new paradigm: old (but good) advice in a new bottle
Data Protection
Statistics reaffirm breach threat, but executive inaction still impeding security: Black Swan
10 scary facts about Bitcoin
2013: new technologies pose new risks
Researcher finds latest Office zero-day was first used in 2009
Cisco impresses with first crack at next-gen firewall
In a climate of security fear, don’t forget the enemy within
Location security, app bundling helping St John of God manage mobility
The week in security: PRISM revelations show they really are watching you
CSO Roundtable : Effective Mobile Security
Executives see laptops as bigger security risk than desktops, smartphones: FireEye
External DDoS protections don’t reduce CSO collaboration onus: Akamai
Establishing a Cloud Broker Model – Part 2
Identity & Access
The week in security: AusCERT 2013 dominates Cyber Security Awareness Week
AusCERT 2013: Kill the password, says Mozilla
The week in security: Government puts its cybersecurity money where its mouth is
The week in security: Govt targets cybercrims; cybercrims target banks, unis
Business banking: Liable for trojan fraud and flying blind
The week in security: Was it the FBI's Apple data, or not?
Win8 SmartScreen nudges software sellers to buy code signing certs
Understanding identity underpins BYOD security
Standards could turn social networks into trusted ID brokers: NetIQ
Five steps to mastering identity and access management
Auscert 2012: Day 2 Roundup - Roll your sleeves up its Gala Day
AusCERT 2012 Day 1 : IDS too noisy, too demanding: Stratsec
Business Continuity
BYOD security needs total user management : LANDesk
AusCERT 2013: Interview with Dr Lizzie Coles-Kemp
AusCERT 2013: Home-electronics gear’s UPnP as insecure in Australia as rest of world: Metasploit
Symantec targets mid to large businesses with Backup Exec 3600
The week in security: Huawei, ZTE, Galaxy Tab deemed unacceptable for business use
The week in security: Govt targets cybercrims; cybercrims target banks, unis
The week in security: Was it the FBI's Apple data, or not?
Part 3 Business Continuity and implementation
How CIO's meet growing security threats
Backup, DR part of security processes: Telsyte
Storing in the cloud securely: 30 services compared
Auscert 2012: Day 2 Roundup - Roll your sleeves up its Gala Day
Physical Security
Auscert 2013: Perimeter protection has failed, encryption needs its day in the sun
CS-Cart v3.0.4 has PayPal ‘buy without paying’ glitch
Oz watchdog eyes whitelisting as “reasonable” privacy measure
Week in security: FreeBSD hacked as Facebook, Adobe redouble security efforts
Exposing insider threats
Social engineer whiz kid Cosmo gets six-year Internet ban
Aussie drug prescriptions sit pretty for health fraud
Security surveillance gets smarter
Exactly what is Homeland Security watching for on Facebook, Twitter, YouTube?
Researchers crack satellite encryption
Security Manager's Journal: Should physical security belong to us?
Carrier IQ security risks overblown?
Security Leadership
AusCERT 2013: Unmanaged, unknown privileged logins opening the door for APTs: Cyber-Ark
AusCERT 2013: Companies unaware of IPv6 security risk even if they’re not using it
AusCERT 2013: Visibility critical when selling IT security to execs, says Foxtel CSO
AusCERT 2013: NBN users need security professionals’ help, says Google
Australian Information Security Association issues blunt warning as National Cyber Security Awareness Week begins
AFP takes cyber safety to the people
Trustwave open new Security Operations Centre in Asia Pacific
Dimension Data focuses on enterprise mobility, security in 2013
Nasty Ruby on Rails vulnerabilities highlight small websites' risk to us all
IN PICTURES: Symantec revs it up at Telstra 500 (67 photos)
AISA National Conference 2012 set to repeat last year’s success
How CIO's meet growing security threats
Career Training
IT grads ambitious, but lack the security skills companies need: panel
IT security skills shortage demands training, hiring rethink: Earthwave
Trend Micro A/NZ hires new managing director from global ranks
Telstra seeks CISO to work with the Dept of Defence
Security Manager's Journal: A rush to judgment on DLP deployment
Techie seeks job by using malware, blackmail
Bruce Schneier awarded honorary degree from Westminster University
The CFO's role in the data breach war
Ethical hacking course offered by Coventry University
The Security Industry All-Stars
Where's the Steve Jobs of IT security?
ISMS Certification for Outsourced Service Providers
Risk Management
Nasty Ruby on Rails vulnerabilities highlight small websites' risk to us all
The week in security: Attacks continue; are you ready for 2013?
DSD confirms: application whitelisting is the go
Six tips for developing a security culture
Week in security: The future of security is agile
Embedding risk culture
The six pillars of security operations
Apple Security
2013: new technologies pose new risks
Researcher finds latest Office zero-day was first used in 2009
In a climate of security fear, don’t forget the enemy within
Despite Android’s malware reputation, Samsung pursues DSD EAL2 certification
AusCERT 2013: Low-level analysis can find, map data deleted from Android phones
Oracle updates Java 7 after Apple’s browser plugin block
Review: Mobile Security
Could 2013 be the year we finally sort out security?
The week in security: Attacks continue; are you ready for 2013?
The week in security: Govt targets cybercrims; cybercrims target banks, unis
Apple patches more than 160 Windows iTunes flaws
The week in security: Was it the FBI's Apple data, or not?
Open Source Security
Review : Clearswift SECURE Web Gateway 2.5
Google to auto probe Android Market for malware
Cnet de-trojans Nmap, but outrage continues
WatchGuard launches iOS-friendly security appliance
Hackers launch millions of Java exploits, says Microsoft
OpenPGP JavaScript implementation allows webmail encryption
Linuxfoundation.org, Linux.com down after security breach
Hack brings down Linux websites
Hack or no hack, the Linux kernel is well-protected
Security rundown for week ending Aug. 12
Super Glue website comes unstuck after Javascript attack
Mozilla retires Firefox 4 from security support
Opinions
Establishing a Cloud Broker Model – Part 2
Beyond BYOD: Securing the Mobile Workforce
The Ins and Outs of Cloud and Outsourcing
Protecting your organisation against DDoS attacks
Stuxnet, Ethics and the Law
Login to the real world with your Facebook account
What you should know about the Red October virus
SCADA security and understanding the risk impacts
Cyber Security and the CIO Challenge
Microsoft's Melbourne tests confirm: counterfeit software a security risk
Why acknowledging the cyber war and embracing cyber resiliency must be priority one
Establishing a Cloud Broker Model – Part 1
IPv6
SANS: Closeted IPv6 causing “angst” amongst security pros
The week in security: New threats drive cloud-security evolution
IP voice security: are you susceptible or strong?
DDoS attackers start targeting IPv6 networks
IPv6 deployment starts at the network edge
IPv6: Dual-stack strategy starts at the perimeter
Hackers target IPv6
Boost in IPv6 use is only one step to solution
IPv6: Click, Clack, Front and Back
Will the sky fall if you don't deploy IPv6?
IPv6 boosts schools' on-net security
Companies shun, hide IPv6 rollouts due to security fears
-
CISM Certified Information Security Manager
When: 12/08/2013
The ISACA® Certified Information Security Manager is the fastest growing and arguably the most prestigious qualification available for Information Security managers today. CISM properly recognises that security is first and foremost a management rather than a technical issue. CISM defines the core competencies and international standards of performance that information security managers are expected to master. The course provides an intense environment in which participants can acquire, thoroughly and properly, the skills and knowledge expected of a world-class information security manager. In the process the course provides outstanding preparation for the CISM exam.
-
CISSP Certified Information Systems Security Professional
When: 17/06/2013 - 18/11/2013
The (ISC)2 CISSP® (Certified Information Systems Security Professional) Certification is one of the most sought-after security certifications available today. It is based on the CBK (Common Body of Knowledge) which comprises ten subject domains that the (ISC)2 compiles and maintains through ongoing peer review by subject matter experts. The goal of this 5-day accelerated course is to provide information security professionals with a fully-immersed, minimum-distraction CISSP CBK training and certification experience. The course will broaden and deepen your understanding of all ten CBK domains as required for the (ISC)2 CISSP accreditation examination.
-
SABSA Foundation
When: 08/07/2013 - 11/11/2013
SABSA is the world’s leading open security architecture framework and methodology. SABSA is a top-to-bottom framework and methodology to conceive, conceptualise, design, implement and manage security in a business-driven model. The term ‘business-driven’ is the key to SABSA’s power, and its acceptance. SABSA is all about empowering the organisation to do business as it needs and wants to do, while ensuring that it is secured and fully enabled. SABSA is an open and inclusive standard that readily integrates with other frameworks and tools such as ITIL, 17799/27000 series, COBIT and the like. It can be used as a compliance and governance framework for complex sets of standards. SABSA is used commonly as the security parallel and tool set for organisations using the world’s leading IT Architecture Framework – Zachman.
-
Social Engineering Training for Pen Testers and Others
When: 02/12/2013
Course Overview: There are dozens of classes designed to help people in the career of penetration testing, but there has not been any course that focuses on teaching you the skills, mindset and tools needed to be a social engineering penetration tester... until now. The skill set needed to be a professional social engineer blends a person's mental skills of influence, persuasion and psychological tactics with technical skills such as mastering elicitation and pretexting. The Social-Engineer.com Social Engineering Penetration Testers course is a week-long immersion into the world of a professional social engineer.
-
Cloud Computing Security Knowledge (CCSK) Plus
When: 17/05/2012 - 08/10/2012
The CCSK Plus training course enables the proactive management of the threats associated with Cloud Computing adoption.
-
Power of Three: Building Mobile Initiatives Guided by Business Goals, Technology and Governance
The use of powerful mobile devices has become so widespread industry leaders in almost every sector ...
-
Enterprise Mobility Management: Embracing BYOD Through Secure App and Data Delivery
The transformation of computing through mobility, consumerisation, bring-your-own device (BYOD) and flex-work offers powerful benefits for ...
-
Best Practices to Make BYOD Simple and Secure
As consumerisation continues to transform IT, organisations are moving quickly to design strategies to allow bring-your-own ...
-
AusCERT 2013: Introduction to Network Security Monitoring with Security Onion - AusCERT Presentation
-
Hackers around the world hack NASA data for good
-
Mobile Malware Development Continues To Rise, Android Leads the Way. Part Three
-
Mobile Malware Development Continues To Rise, Android Leads the Way. Part Two
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team.
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
Warning: Tips for secure mobile holiday shopping
I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.











