Are your BYOD-embracing employees decommissioning their old mobile devices to ensure they can't still access your corporate networks?
Australia's Defence Signals Directorate (DSD) has joined the increasing number of organisations promoting application whitelisting as a key security strategy with an updated version of its award-winning "Top 35 Mitigation Strategies".
Technology won't save you from nation-state cyber-espionage, your corporate culture will.
CSO Australia held its first-ever breakfast events in Sydney and Melbourne, with a range of speakers exploring the goals and obstacles in the effort to adopt Agile Security. Sponsor NetIQ said growing trust in social networks – mixed with the right standards – could make them trusted third-party ID brokers where other organisations have failed.
An observation from the global financial crisis is that organisations with a weak risk culture can experience extensive or even catastrophic damage. Significant investment in risk management people, processes and technology is only part of a sound business risk environment. The key component is the risk culture.
The revelation of serious long-term vulnerabilities in the popular Ruby on Rails web programming framework is just one of three events in the last 72 hours that have convinced me that improvement in web application security is impossible -- unless both developers and business managers seriously lift their game.
Your board and audit committee are looking for reduction in risk exposure driven by your information security policy. Is this something you can track and measure?
The global release of Microsoft’s Office 365 last week has raised a simple, sobering thought about dealing with US Cloud providers – they are subject to the US Patriot Act and the data they manage may be accessed by the US government regardless of where it is stored around the world. Before CIOs shun Cloud services altogether, let’s put the news in context.
We like our risk management, don’t we? It allows us to identify risks, and take action to mitigate them. Risk Management can and should be applied to social media usage. It makes good sense to manage the risk by having a very clear social media policy.
Sign up now »
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.