In running one of the largest data warehouses in the world, online retailer eBay has faced down some unique challenges in delivering big-data analytics capabilities – not the least of which is ensuring that its more than 6,000 business users and analysts are tightly managed to prevent data privacy and security compromises.
The Office of the Australian Information Commissioner (OAIC) has kicked off a targeted campaign to raise awareness on the new privacy laws before take effect next March.
According to Australia's Privacy Commissioner, Timothy Pilgrim, every single one of the high-profile investigations he completed in 2011–12 involved data security issues and information security is now the major issue affecting consumer privacy.
The “fundamentally broken” security model of Google’s Android operating system makes bring your own device (BYOD) strategies too risky for companies to implement safely, a senior security researcher with Romanian security vendor Bitdefender has warned.
Some Sydney bank branches, lawyers' and doctors' offices have been found guilty of not properly disposing of personal information in rubbish bins which could be used by criminals for the purposes of fraud or identity theft following a private investigation.
Just a few short years ago, all a PC needed for protection was a basic antivirus program to guard against any malware that arrived via an e-mail attachment, embedded in a shareware application or piggy-backed on a floppy disk.
These days barely a day goes by where there isn’t some sort of network security breach or hack or malfunction of some sort. This year too we had the rise of groups such as Anonymous and Lulz that sought out attention for their activities. Here we take a look at the year in pictures of some of the key security problems that grabbed our attention.
- Amazon, Apple and Google know more about you than your doctor or lawyer - and Commbank is jealous as hell. - Don’t trust an organisation that doesn’t have a face - because then you can’t punch it in when they screw up, said Marcus Ranum. - 78 percent of the world’s population doesn’t have access to a computer or the internet and therefore avoid all IT security problems.
Destroying data to protect against fraud.
The complexity of encryption schemes has been increased dramatically in an attempt to outpace the development of computational tools designed to crack them. Now it's important to devise algorithms that can't be brute forced for trillions of years in the hopes that they will remain secure long enough to be useful before they, too, are broken. Here's a quiz about encryption to see how well you are versed in one of security's most important components. Keep track of your score and check at the end to see how well you stack up.
3 steps to total compromise – why Google’s 86,000 indexed printers should have your IT team jumping.
There’s been bit of coverage in the technology press about Google’s “Indexing” of tens of thousands of publicly available printers connected directly to the Internet.
Over the last 2-3 years cloud computing has promised, and in many instances delivered, a lower total cost of ownership. This has helped organisations return the focus of operation to their core activities—reducing the effort spent on managing IT infrastructure and applications.
Insider threats — for example, data theft, intellectual property loss, privacy breaches and financial fraud — can be the most challenging IT risks for an organisation to address because they may or may not be happening. But if an insider threat occurs, it could no doubt hurt financially and/or publically. So how do you implement early detection to discover and expose these threats?
This is not just what is stolen; but also the loss of business or credibility that comes from informing customers that their data has been compromised. How would your customers react if you told them that their financial data or personal information had been taken by persons unknown?
Sign up now »
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.