CISM Certified Information Security Manager
When: 12/08/2013
The ISACA® Certified Information Security Manager is the fastest growing and arguably the most prestigious qualification available for Information Security managers today. CISM properly recognises that security is first and foremost a management rather than a technical issue. CISM defines the core competencies and international standards of performance that information security managers are expected to master. The course provides an intense environment in which participants can acquire, thoroughly and properly, the skills and knowledge expected of a world-class information security manager. In the process the course provides outstanding preparation for the CISM exam.
-
CISSP Certified Information Systems Security Professional
When: 17/06/2013 - 18/11/2013
The (ISC)2 CISSP® (Certified Information Systems Security Professional) Certification is one of the most sought-after security certifications available today. It is based on the CBK (Common Body of Knowledge), which comprises ten subject domains that (ISC)2 compiles and maintains through ongoing peer review by subject matter experts. The goal of this 5-day accelerated course is to provide information security professionals with a fully immersed, minimum-distraction CISSP CBK training and certification experience. The course will broaden and deepen your understanding of all ten CBK domains as required for the (ISC)2 CISSP accreditation examination.
-
SABSA Foundation
When: 08/07/2013 - 11/11/2013
SABSA is the world’s leading open security architecture framework and methodology. SABSA is a top-to-bottom framework and methodology to conceive, conceptualise, design, implement and manage security in a business-driven model. The term ‘business-driven’ is the key to SABSA’s power, and its acceptance. SABSA is all about empowering the organisation to do business as it needs and wants to do, while ensuring that it is secured and fully enabled. SABSA is an open and inclusive standard that readily integrates with other frameworks and tools such as ITIL, 17799/27000 series, COBIT and the like. It can be used as a compliance and governance framework for complex sets of standards. SABSA is commonly used as the security parallel and tool set for organisations using the world’s leading IT Architecture Framework – Zachman.
-
Social Engineering Training for Pen Testers and Others
When: 02/12/2013
Course Overview: There are dozens of classes designed to help people in the career of penetration testing, but there has not been any course that focuses on teaching you the skills, mindset and tools needed to be a social engineering penetration tester... until now. The skill set needed to be a professional social engineer blends a person's mental skills of influence, persuasion and psychological tactics with technical skills such as mastering elicitation and pretexting. The Social-Engineer.com Social Engineering Penetration Testers course is a week-long immersion into the world of a professional social engineer.
-
Cloud Computing Security Knowledge (CCSK) Plus
When: 17/05/2012 - 08/10/2012
The CCSK Plus training course enables the proactive management of the threats associated with Cloud Computing adoption.
-
Advanced Malware Exposed
This handbook shines a light on the dark corners of advanced malware, both to educate as ...
-
Enterprise Mobility Management: Embracing BYOD Through Secure App and Data Delivery
The transformation of computing through mobility, consumerisation, bring-your-own device (BYOD) and flex-work offers powerful benefits for ...
-
Tolly Report: Performance Survey of Virtual Environment Security
This report by Tolly tests the system resource requirements of competing vendor solutions when performing on-demand ...
-
AusCERT 2013: Introduction to Network Security Monitoring with Security Onion - AusCERT Presentation
-
Hackers around the world hack NASA data for good
-
Mobile Malware Development Continues To Rise, Android Leads the Way. Part Three
-
Mobile Malware Development Continues To Rise, Android Leads the Way. Part Two
-
1. How ME Bank moved information security from IT to the boardroom
2. 7 essentials for defending against DDoS attacks
3. One in ten new user accounts created to perpetrate fraud: ThreatMetrix
4. Aussie cops: Silk Road TOR anonymity 'not guaranteed'
5. Does encryption really shield you from government's prying eyes?
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team.
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
Warning: Tips for secure mobile holiday shopping
I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.