Risk Management News, Features, and Interviews


The week in security: Attacks continue; are you ready for 2013?

By David Braue | 19 December, 2012 13:06

Are your BYOD-embracing employees decommissioning their old mobile devices to ensure they can't still access your corporate networks?

DSD confirms: application whitelisting is the go

By Stilgherrian | 24 October, 2012 16:38

Australia's Defence Signals Directorate (DSD) has joined the increasing number of organisations promoting application whitelisting as a key security strategy with an updated version of its award-winning "Top 35 Mitigation Strategies".

Six tips for developing a security culture

By Stilgherrian | 31 July, 2012 09:36

Technology won't save you from nation-state cyber-espionage, your corporate culture will.

Week in security: The future of security is agile

By David Braue | 30 July, 2012 15:28

CSO Australia held its first-ever breakfast events in Sydney and Melbourne, with a range of speakers exploring the goals and obstacles in the effort to adopt Agile Security. Sponsor NetIQ said growing trust in social networks – mixed with the right standards – could make them trusted third-party ID brokers where other organisations have failed.

Embedding risk culture

By David Roche | 28 February, 2012 16:51 | 1 Comment

An observation from the global financial crisis is that organisations with a weak risk culture can experience extensive or even catastrophic damage. Significant investment in risk management people, processes and technology is only part of a sound business risk environment. The key component is the risk culture.


Nasty Ruby on Rails vulnerabilities highlight small websites' risk to us all

By Stilgherrian | 11 January, 2013 09:00 | 1 Comment

The revelation of serious long-term vulnerabilities in the popular Ruby on Rails web programming framework is just one of three events in the last 72 hours that have convinced me that improvement in web application security is impossible -- unless both developers and business managers seriously lift their game.

Opinion : Mark Ames discusses "Value for Policy"

By Mark Ames | 08 July, 2011 06:12

Your board and audit committee are looking for reduction in risk exposure driven by your information security policy. Is this something you can track and measure?

Patriot Act, not products, ups Cloud risks for CIOs

By Rodney Gedda | 04 July, 2011 11:39

The global release of Microsoft’s Office 365 last week has raised a simple, sobering thought about dealing with US Cloud providers – they are subject to the US Patriot Act and the data they manage may be accessed by the US government regardless of where it is stored around the world. Before CIOs shun Cloud services altogether, let’s put the news in context.

Social media - part 3

By Breed Lewis | 12 March, 2011 10:00

We like our risk management, don’t we? It allows us to identify risks, and take action to mitigate them. Risk Management can and should be applied to social media usage. It makes good sense to manage the risk by having a very clear social media policy.

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Security Solutions-GigaVUE-2404

Newgen provides innovative network monitoring and security solutions based upon Gigamon’s GigaVUE-2404

Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.