• How much security is too much security?

    Enex TestLab’s various divisions cut across a large number of industry sectors, perhaps more so than most organisations. From my perspective, we deal with an impressive number of organisations and individuals within those industries. Heading this organisation, therefore, requires me to wear a number of different hats in any given day. But the one common denominator is the humans that we need to interact with.

  • Are we losing the battle? Or have we lost the war?

    I get around a lot, and I mean that in the nicest possible way. Over the decades there seems to have been a seismic change in the government and organisational view of operational security and exactly what the function and charter of that role entails.

  • The question of privacy

    It is an interesting construct this theory of privacy. Increasingly, people are becoming aware that the more highly and ubiquitously they become digitally connected to the global economy, the more they are forsaking their personal information. Not just basic information either, but their likes, dislikes, views, opinions and passions. And that information is being aggregated.

  • Big or Little brother?

    It used to be the fear of 1984 and Big Brother—watching and controlling citizens’ every move. These days the writing is on the wall, while Big Brother is watching via the CCTV networks, little brother is insidiously infiltrating our computers and smart devices to build a cache of information—and it is no longer simply making off with corporate/personal data/information. Enter the RAT.

  • Baseline Security Evaluation - SEPR

    Enex TestLab has been providing independent testing services for 24 years now. We cover 90 industry sectors with 8 separate testing divisions.

  • There is a reason why we do what we do, and it starts with a 'P'

    There has to be a certain level of paranoia in the security industry. It’s what we do, our job is to believe nothing and see gaping holes where others simply trust things are being looked after.

  • Data retention, governance and privacy

    There has been a lot of coverage in recent months over the Australian Federal Governments proposition to implement a data retention policy. The debate is polarising and highly emotive, similar to that of the shelved mandatory Internet content filtering policy.

  • Social media – how’s your privacy?

    One of my previous blogs touched upon the Australian Federal Government’s proposed data retention laws and the inevitable storm raised by those opposed - big brother all over again. The digital Australia card. However, some individuals are voluntarily and publicly releasing personal information of far greater value than a list of the internet sites they visit. Indeed the information released is encouraged to be used by marketing and advertisers to characterise an individual and target promotions straight to their screen.

  • Close the Interwebz?

    In my last CSO blog I posted about the Australian Federal Governments recent proposal that requires Internet Service Providers to retain their customers’ activity logs for a period of two years.

  • Whose watching you watching them?

    There has been a lot of public debate and emotive outcry over the government's proposal to enable a security agency to gain access to the historical user activity logs of Internet Service Providers. Under that provision the requirement will be for ISPs to retain such information for a period of two years and provide it if requested.

Matt Tett
Matt Tett is the Managing Director of Enex TestLab, an independent testing laboratory with over 22 years history and a heritage stemming from RMIT University. Matt holds the following security certifications in good standing CISSP, CISM, CSEPS and CISA. He is a long standing committee member of the Australian Information Security Association (AISA), Melbourne branch, and is also a member of the Information Systems Audit and Control Association (ISACA). Enex TestLab can be found at http://www.testlab.com.au blog at http://enextestlab.blogspot.com and can be found on twitter as @enextestlab.
Blogs
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

SECURE Web Gateway

Balancing the requirement for strong network security with the need to harness collaborative web technologies is essential for business growth.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.