News
Symantec: disable pcAnywhere until fully patched
Microsoft plucks Kelihos botnet coder from AV industry
EU eyes board with 24 hr data breach notifications
ASIC: clients should "urgently" review online trading account security
The week in security: A bitter bar of SOPA
McAfee fixes hosted-service spam flaw
Facebook outs Koobface worm crew
Super-threats: The Six Steps You Need to Take to Protect Your Business
How much new Mac malware arrived in 2011?
Obama spikes anti-piracy SOPA over DNSSEC
Aussie-founded PC Tools stars in Symantec ‘scareware’ suit
Attackers spoof US-CERT phish alert to lure victims
Industries
ASIC: clients should "urgently" review online trading account security
Obama spikes anti-piracy SOPA over DNSSEC
DigiNotar looming large, new guidelines clarify certificate authority obligations
Europe’s maritime cyber security "non-existent"
iCode flag-bearer defends ISP malware notifications
Defence win backs Citrix desktop virtualisation security claims
What is Critical National Infrastructure?
Feds launch cloud security standards program
Symantec confirms Flash exploits targeted defense companies
SANS Institute slags Australia's anti-botnet iCode
Cyber-thieves using DDoS to distract banks and victims from spotting fraud
Medical data breaches soar, according to study
Identity & Access
Obama spikes anti-piracy SOPA over DNSSEC
5 principles of selling security initiatives to executives
HP admits LaserJet flaw, refutes flaming printer hack
Australia crawls towards its answer to identity fraud
Security roundup for week ending Nov. 11
Security roundup: virtualization is key to public cloud security; China, Russia accused of cyber-espionage; More Duqu for you
Don't let your data suffer from Miss Taken Identity
Security roundup for Oct. 28: Cloud security holes; Facebook vulnerable?; China hackers lambasted
Siri open to anyone even when iPhone 4S locked
Duqu, Son of Stuxnet, has arrived
Destroying data to protect against fraud
German jailed for Bluetooth-enabled PIN stealing kit
Business Continuity
Windows 8 can scrub data from disk, but not up to tough security specifications
How to implement a successful security and disaster recovery plan
Reloaded: Paying Lip Service to Incident Response
Security Manager's Journal: A rush to judgment on DLP deployment
Naming names in APT
USB sticks still being used insecurely, Ponemon study finds
BC/DR spending not a top budget priority
Review: Self-Encrypting External Hard Disk Drives
Security roundup: BlackBerry blows up; the 'dual-persona' mobile device?; more on the RSA hack
Survey finds dangerous gap in prevention
Security on a shoestring budget
Hackers reverse engineer German cop trojan
Physical Security
Carrier IQ security risks overblown?
Cyber-thieves using DDoS to distract banks and victims from spotting fraud
The typical fraudster - the threat from within.
Barack Obama’s security circus arrives in Oz: In Pictures
Lethal medical device hack taken to next level
Destroying data to protect against fraud
Ex-CIA boss "in awe" of Chinese hackers as RSA boss defends SecurID attack
Biometrics scares most people
Prototype "Rapid DNA" technology exhibited; could bolster forensic investigations
Will advanced biometrics automate future war machines?
Facial recognition security, privacy issues grab FTC attention
Yet another free pass for Aussie spooks
Security Leadership
Super-threats: The Six Steps You Need to Take to Protect Your Business
5 principles of selling security initiatives to executives
Murder retrial ordered after court records destroyed by virus
Japan developing cyber weapon: Report
How to implement a successful security and disaster recovery plan
Telstra seeks CISO to work with the Dept of Defence
Security Manager's Journal: A rush to judgment on DLP deployment
Cybercrime taking off in NZ
EU calls for 'one-stop-shop' for data protection rules
Techie seeks job by using malware, blackmail
Bruce Schneier awarded honorary degree from Westminster University
Hungarian hacks Marriott's systems to blackmail for job
Career Training
Telstra seeks CISO to work with the Dept of Defence
Security Manager's Journal: A rush to judgment on DLP deployment
Techie seeks job by using malware, blackmail
Bruce Schneier awarded honorary degree from Westminster University
The CFO's role in the data breach war
Ethical hacking course offered by Coventry University
The Security Industry All-Stars
Where's the Steve Jobs of IT security?
ISMS Certification for Outsourced Service Providers
Awareness, awareness, awareness ... “stop eating dirt with dog sprinkles on it”
8 ways to become a cloud security expert
When ignorance isn’t bliss
Risk Management
Security Operations the Final Frontier – Part III
Reloaded: Paying Lip Service to Incident Response
VoIP hacking is phreaking expensive
How to have real risk management
Hybrid clouds the eventual reality for risk management
Got cyber insurance?
IT Audit Survey Exposes Weak Risk Assessment
How to create a risk register
Managing risk comes from communicating to the business: ISACA
Online Communities Carry Risks
Security Operations the Final Frontier – Part II
IBM to buy risk analysis company Algorithmics for $387M
Apple Security
The week in security: A bitter bar of SOPA
How much new Mac malware arrived in 2011?
H1Siri Brings Siri to iPhone 4, But Is One Hack to Avoid
iPhone app spotlight: SecureSafe
Rant: Welcome to Apple's sandbox
Researcher finds iOS flaw to bypass App Store code signing
Make sure those iOS apps support Data Protection
Siri open to anyone even when iPhone 4S locked
Android antivirus king moves on iOS
The SSL certificate industry can and should be replaced
Which smartphone is the most secure?
iPad data LP: Security savior or strong-arm tactic
Open Source Security
Cnet de-trojans Nmap, but outrage continues
WatchGuard launches iOS-friendly security appliance
Hackers launch millions of Java exploits, says Microsoft
OpenPGP JavaScript implementation allows webmail encryption
Linuxfoundation.org, Linux.com down after security breach
Hack brings down Linux websites
Hack or no hack, the Linux kernel is well-protected
Security rundown for week ending Aug. 12
Super Glue website comes unstuck after Javascript attack
Mozilla retires Firefox 4 from security support
A new security architecture for the cloud
Eric Schmidt: Want security? Get a Mac
Opinions
The top three causes of security breaches: Part 1 of 2
Data centres need to lift their standards
The year in review: 2011-2012
A new focus for IT security?
Creating a governance framework for cloud security
Social media security: Three things to do, and three to avoid
6 questions with Juniper Network's Tim Nagy
ISMS Certification for Outsourced Service Providers
Infosec's mega marketing misalignment mishap
Security Operations the Final Frontier – Part II
Opinion: Use It, Don’t Lose It: Keeping Your Business Data Safe
Cybercrime Innovation Needs Strategic Responses
IPv6
Hackers target IPv6
Boost in IPv6 use is only one step to solution
IPv6: Click, Clack, Front and Back
Will the sky fall if you don't deploy IPv6?
IPv6 boosts schools' on-net security
Companies shun, hide IPv6 rollouts due to security fears
Security stasis as NBN Co, Telstra consider how to move customers to IPv6
Persistence of IPv4 security model threatens open Net: ISOC
IPv6 will change network attack surface, albeit slowly: Huston
IPv6 security: Everything old is new again
Network trust and security in doubt
A summit everyone on the Internet needs to climb.
ISACA Certifications
When: 10/12/2011
The Certified Information Security Manager (CISM) certification is a unique management-focused certification that has been earned by more than 16,000 professionals since its introduction in 2003. Unlike other security certifications, CISM is for the individual who manages, designs, oversees and assesses an enterprise's information security.
Introduction to Risk Management
When: 31/07/2011
Business training: Introduction to Risk Management. Protect your company performance and identify business risks before they occur. This course teaches staff how to:
• Identify and manage operational and strategic threats
• Understand and plan for potential impacts
• Implement a risk management framework.
CISA Certified Information Systems Auditor
When: 28/11/2011
This 5-day training program provides an intense environment in which participants can acquire, thoroughly and properly, the skills and knowledge expected of a world-class information systems audit, control and security professional. In the process the course provides outstanding preparation for the CISA exam.
CISSP (Certified Information Systems Security Professional) Certification Fast Track
When: 14/11/2011
The ISC(2) CISSP® (Certified Information Systems Security Professional) Certification is one of the most sought-after security certifications available today. It is based on the CBK (Common Body of Knowledge), which comprises ten subject domains that the (ISC)2 compiles and maintains through ongoing peer review by subject matter experts.
Objectives
The goal of this 5-day accelerated course is to provide information security professionals with a fully-immersed, minimum-distraction CISSP CBK training and certification experience. The course will broaden and deepen your understanding of all ten CBK domains as required for the (ISC)2 CISSP accreditation examination.
CISM® (Certified Information Security Manager) training course
When: 14/11/2011
CISM properly recognises that security is first and foremost a management rather than a technical issue. CISM defines the core competencies and international standards of performance that information security managers are expected to master. It provides executive management with the assurance that those who have earned their CISM have the experience and knowledge to offer effective security management and advice. The course provides an intense environment in which participants can acquire, thoroughly and properly, the skills and knowledge expected of a world-class information security manager. In the process the course provides outstanding preparation for the CISM exam.
10 Essential Steps to Web Security
This short guide outlines 10 simple steps to best practice in web security. Follow them all ...
Book 1 - The Executive’s Guide to Assuring Compliance
In today’s integrated, regulated, litigated environment, it is necessary to provide assurance to customers, business partners, ...
CSO Security Buyers Guide 2011
Welcome to the 2011/2012 CSO Security Buyers Guide. CSO is keeping security professionals ahead of ...
Coverity Announces Formation of Security Research Laboratory
Coverity and Wind River Bring Development Testing for Security to Embedded Software Development
67 percent fear that malware is on the rise and 61 percent feel user error is the biggest threat on the internet
Sophos Security Threat Report 2012 - seeing through the hype
New Mobile Security Threats: QR Codes, Stolen Digital Certificates, Rootkits
1. Make it clear that the policy is not about playing ‘Big Brother’ but to ensure the security of employees, company information and data and to safeguard the company’s reputation.
2. Invest time to get buy-in from managers and their teams.
3. Convey the message of flexibility – with regard to social media, it is not about blocking staff usage but working in everyone’s interests to ensure that threats are contained.
4. Introduce a regular company-wide training programme that everyone attends at regular intervals throughout the year, not merely as part of an induction programme.
5. Within the training programme, make sure that there are specific examples to demonstrate each rule or regulation, and that there is a clear explanation of the dangers of casual or careless talk on social networking sites. Again, use examples: employees need to understand the consequences of posting a throwaway comment that has negative connotations for the business, as much as they need to be aware of the dangers of making a more direct but ill-considered attack on a competitor, regulator or even a fellow colleague. They need to be clearly advised of any impact on the company and/or legal action or inquiries that may be raised as a result.
6. Alert employees to any changes in policy through regular clear communication.
7. Reinforce the operational policy guidelines regularly, covering everything from blogging to Facebook, LinkedIn and Twitter.
8. Ensure that the rules are fair and that they apply throughout the business.
9. Enforce the rules – if there is a deliberate or malicious contravening, disciplinary action needs to be taken. A policy isn’t worth having if it is seen to be lax and unenforced.
10. Review the policy regularly to ensure you keep up to date with new systems and technology.
Phil Vasic is Regional Director, APAC, at Clearswift, the software security company (www.clearswift.com).
7 Ways to Protect Your Business Printers
Can a hacker burn down your business by remotely setting one of your printers on fire? Researchers at Columbia University have recently proposed such a scenario, although HP quickly denied that it's possible. However, even if your printers can't be used as remote firestarters, there are many risks involved in networking a printer.