• What is "responsible disclosure"?

    Back in 2009 I wrote a blog post about vulnerability disclosure. It's interesting reading the post four years later, looking at things that have happened at places I've worked, vulnerabilities I've reported personally or watched others submit.

  • CREST Australia - why accreditation is a good thing

    The security industry seems to be broadly polarised by the Attorney-General's recent announcement of the formation of CREST Australia (Council of Registered Ethical Security Testers). For those who have not kept pace with this piece of news, CREST Australia has been chartered by the AG's office to certify the competency of penetration testers within Australia. Now, I've spoken with quite a few people and I am quite surprised at the variety of responses—particularly from people I would have expected to endorse it.

  • The Erosion of Privacy

    "If a nation values anything more than freedom, it will lose its freedom: and the irony of it is that if it is comfort or money that it values more, it will lose that, too." -- William Somerset Maugham

Jarrod Loidl
"Independent Security Consultant Jarrod Loidl is an independent information security consultant with over seven years industry experience. He has worked in a number of different verticals such as education, gaming, advertising, financial services, professional services, not-for-profit and healthcare. His specialities are security management, risk and architecture and penetration testing. Though most of his experience lies in management end of security, he's trying to get back to his roots and stay in the technical game. He is an active member of the Australia Information Security Association (AISA) and ISACA and has presented at both the local Melbourne AISA and OWASP chapters. He is an avid, life long learner. His qualifications include a Bachelors degree in Computing, CISSP, CRISC, CISM, SABSA Certified Architect (SCF), Certified Penetration Tester (CPT) and very slowly chipping away at obtaining a Masters in Business Administration."
Blogs
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Cloud Trust Authority

Reduce complexity and increase trust for public cloud service providers and their customers.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.