Data Priacy
News
Data separation ensures privacy, security in eBay's petabyte-scale data warehouse
In running one of the largest data warehouses in the world, online retailer eBay has faced down some unique challenges in delivering big-data analytics capabilities – not the least of which is ensuring that its more than 6,000 business users and analysts are tightly managed to prevent data privacy and security compromises.
OAIC gets cracking on raising awareness of new privacy laws
The Office of the Australian Information Commissioner (OAIC) has kicked off a targeted campaign to raise awareness on the new privacy laws before take effect next March.
Australia's Privacy Commissioner gets serious about infosec
According to Australia's Privacy Commissioner, Timothy Pilgrim, every single one of the high-profile investigations he completed in 2011–12 involved data security issues and information security is now the major issue affecting consumer privacy.
“Fundamentally broken” mobile security makes BYOD too risky, expert warns
The “fundamentally broken” security model of Google’s Android operating system makes bring your own device (BYOD) strategies too risky for companies to implement safely, a senior security researcher with Romanian security vendor Bitdefender has warned.
Financial, health data dumped in Sydney rubbish bins
Some Sydney bank branches, lawyers' and doctors' offices have been found guilty of not properly disposing of personal information in rubbish bins which could be used by criminals for the purposes of fraud or identity theft following a private investigation.
Reviews
The security suite guide 2010
Just a few short years ago, all a PC needed for protection was a basic antivirus program to guard against any malware that arrived via an e-mail attachment, embedded in a shareware application or piggy-backed on a floppy disk.
Slideshows
From Anonymous to Hackerazzi: The year in security mischief-making
These days barely a day goes by where there isn’t some sort of network security breach or hack or malfunction of some sort. This year too we had the rise of groups such as Anonymous and Lulz that sought out attention for their activities. Here we take a look at the year in pictures of some of the key security problems that grabbed our attention.
AISA National Conference: In pictures
- Amazon, Apple and Google know more about you than your doctor or lawyer - and Commbank is jealous as hell. - Don’t trust an organisation that doesn’t have a face - because then you can’t punch it in when they screw up, said Marcus Ranum. - 78 percent of the world’s population doesn’t have access to a computer or the internet and therefore avoid all IT security problems.
The encryption quiz
The complexity of encryption schemes has been increased dramatically in an attempt to outpace the development of computational tools designed to crack them. Now it's important to devise algorithms that can't be brute forced for trillions of years in the hopes that they will remain secure long enough to be useful before they, too, are broken. Here's a quiz about encryption to see how well you are versed in one of security's most important components. Keep track of your score and check at the end to see how well you stack up.
Opinions
3 steps to total compromise – why Google’s 86,000 indexed printers should have your IT team jumping.
There’s been bit of coverage in the technology press about Google’s “Indexing” of tens of thousands of publicly available printers connected directly to the Internet.
Three Facts of Data Security Legislation for the Cloud
Over the last 2-3 years cloud computing has promised, and in many instances delivered, a lower total cost of ownership. This has helped organisations return the focus of operation to their core activities—reducing the effort spent on managing IT infrastructure and applications.
Exposing insider threats
Insider threats — for example, data theft, intellectual property loss, privacy breaches and financial fraud — can be the most challenging IT risks for an organisation to address because they may or may not be happening. But if an insider threat occurs, it could no doubt hurt financially and/or publically. So how do you implement early detection to discover and expose these threats?
Opinion: Business Security - Securing your business data
This is not just what is stolen; but also the loss of business or credibility that comes from informing customers that their data has been compromised. How would your customers react if you told them that their financial data or personal information had been taken by persons unknown?
Get exclusive access to CSO, invitation only events, reports & analysis. - 1
Dell targets ANZ security opportunities as SecureWorks debuts locally
- 2
AusCERT 2013: Users, cats more likely hack culprits than cyber-espionage: Trustwave
- 3
AusCERT 2013: Cloud-based scanner identifies new malware by its ancestry
- 4
Lethal medical device hack taken to next level
- 5
ACMA database keeps finger on Australia’s malware pulse
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
Warning: Tips for secure mobile holiday shopping
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.
