CSOs must focus less on technology and proactively engage the business by framing security risks in business terms, developing detailed worst-case models and reworking IT security risk assessment processes around business requirements, a report from the Security for Business Innovation Council has advised.
Google has revoked trust for a digital certificate for several of its domains that was apparently mistakenly signed by a French Government intermediate certificate authority (CA) as part of a security program for France’s Ministry of Treasury.
Asia-Pacific regional privacy authorities are weighing the merits of legislative 'white lists' to facilitate cross-border action as they utilise a growing number of “significant enforcement actions” using numerous “regulatory tools” to enforce privacy law, members of the Asia Pacific Privacy Authorities (APPA) Forum confirmed at the organisation's recent meeting in Sydney.
'Shadow IT' – the growing range of servers and applications that users can purchase and use without any involvement from the IT organisation – is compromising organisational security, an analysis warns. But rogue end users aren't the only ones to blame: IT professionals share the blame, a recent survey has shown, even as IT pros are labelled 'innovation killers' and high rates of employment for CISOs mean the industry is suffering a shortage of those who could help better manage such risks.
Australian privacy-enforcement authorities did not receive any complaints about the use of personally controlled electronic healthcare records (PCEHR) during the first year of their use, new figures confirm.
In a sphere that changes as rapidly as security, it's no surprise that 'endpoint' as a definition is fluid. It is so new a sphere in the IT arsenal that not even the players who field endpoint products can agree on where the borders begin and end -- though naturally it encompasses their own core competency.
A password manager is a must. Unless you're using the same password for everything (not recommended) or have a truly phenomenal memory, your productivity can benefit from a place to store all your passwords and easily use them whenever necessary. There are several strong players in this field, such as LastPass and KeePass. Dashlane (free for basic version, $20/year for Premium) aims to take on both.
Flexible PKard Reader and elegant Tactivo bring smart card authentication to your favorite mobile device
Cloud-based security cameras can keep watch on your home when you're not around. We tested 5 of these systems and report on our findings.
As a password manager, Keeper has the basics covered. It captures login info and passwords for you as you browse the Web, securely stores them in a neatly organized vault that's easy to access, and generates passwords for you on the fly.
CSO Perspectives Roadshow - The Final Frontier
CSO Perspectives Roadshow infiltrates Canberra security community
From an Edward Snowden cutout to panties with a message, the premier security conference has it all
Big mess: FBI now looking at Edward Snowden's disclosures about the National Security Agency's broad monitoring of phone call and Internet data from big companies such as Google and Facebook.
Vendors and delegates were out in force for AusCERT 2013 on the Gold Coast. Here's a roundup of some of the action.
After a DDoS attack was discovered by chance, 'later this year' is too long to wait.
Defcon founder Jeff Moss' request to government agencies asking them not to attend next month's annual Defcon hacker conference has evoked a mixed response from the security community.
Social has arrived, but it took time. The crowds of people fluttering around the IT industry claiming to be social experts because they can define a 'retweet' and have 700-plus friends on Facebook have frustrated many, with companies struggling to get a real grasp of how social media and networks can effectively help power businesses into the next generation of trade and success.
It's tough to keep track of all of your passwords. In spite of advances in biometrics, and increased attention on the value of two-factor authentication, passwords remain the primary means of digital security. They're also one of the weakest links in the security chain.
The firewall in decades past was mainly the port-based guardian of the Internet. Now vendors are vying to build so-called "next-generation firewalls" that are "application-aware" because they can monitor and control access based on application use.
Your email address is like your home address: Never give it out unless absolutely necessary.
When it comes to your security, the latest versions of Windows and OS X are comparable, but you still have a few key differences and settings to become familiar with.
Reader Jack Burns is a bit disconcerted by some recent news. He writes:
Reader Evan Katz wonders just how safe the data on his Mac is. He writes:
We lead rich virtual lives on social networking sites like Google+, Facebook, and Twitter. So what happens when real life catches up, and our flesh-and-blood bodies succumb to mortality? For our virtual selves, at least, some concrete answers are available--ways to settle our digital affairs after death, while minimizing hassle and heartache for loved ones.
We are awash in passwords, and as the number of Web services increases, things are only going to get worse. Trying to manage all these individual passwords is a major problem for enterprise security. Many end users cope by re-using their passwords, which exposes all sorts of security holes.
Having your Web browser remember your passwords and/or credit card details can be convenient, but it poses some security risks. How much of a risk depends on which browser you’re using, whether you sync with other devices, and whether you’re using any of the browser's extra security features. Here are the main vulnerabilities in some of the most popular browsers—Internet Explorer, Google Chrome, and Mozilla Firefox—and ways you can protect against those weak spots.
We talk frequently about cybersecurity, discussing how to protect your business's data by using strong passwords, deploying antimalware utilities, and keeping your computers safe with the latest patches and updates. This time, the focus is on premises security, or protecting your business's physical assets from burglary and vandalism.
Microsoft will include antivirus in Windows 8 for the first time in the history of Windows. But will this software--the new version of Windows Defender--provide adequate protection against viruses, spyware, and other malware? Let's take a closer look at what Windows Defender provides, and whether its features are enough to keep you safe.
You’ll soon be bombarded, if you haven’t already, with spam from every man and his dog (well, vendors) about the Privacy Act amendments due to come into play in early 2014 and why you need their products.
In 2014, current trends will accelerate the transformation already underway in how we consume information, do business and live. Organisations will need to evaluate their information strategy to take advantage of the emerging opportunities.
Balancing security priorities with business flexibility and agility is a tough challenge. But it’s a challenge every executive management team faces as it strives to drive business growth, achieve competitive advantage and maximise operational efficiency.
It used to be easy enough to spot a bank robber. With their balaclavas and weapons of choice, the criminals would simply storm in demanding money and everyone knew exactly what was happening. While criminals still occasionally resort to traditional methods, it’s rare to see the dramatic Bonnie and Clyde-style bank heists of the 20th century.
Each day, as the speedy evolution of technology emerges, newer, more complex and increasingly dangerous cyber threats come onto the battlefield, thus presenting an ever-thriving danger to organisations, governments and enterprises everywhere.
Advanced protection for physical, virtual and cloud servers
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team.
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.