Risk Management

News

The week in security: Attacks continue; are you ready for 2013?

By David Braue | 19 December, 2012 13:06

Are your BYOD-embracing employees decommissioning their old mobile devices to ensure they can't still access your corporate networks?

DSD confirms: application whitelisting is the go

By Stilgherrian | 24 October, 2012 16:38

Australia's Defence Signals Directorate (DSD) has joined the increasing number of organisations promoting application whitelisting as a key security strategy with an updated version of its award-winning "Top 35 Mitigation Strategies".

Six tips for developing a security culture

By Stilgherrian | 31 July, 2012 09:36

Technology won't save you from nation-state cyber-espionage, your corporate culture will.

Week in security: The future of security is agile

By David Braue | 30 July, 2012 15:28

CSO Australia held its first-ever breakfast events in Sydney and Melbourne, with a range of speakers exploring the goals and obstacles in the effort to adopt Agile Security. Sponsor NetIQ said growing trust in social networks – mixed with the right standards – could make them trusted third-party ID brokers where other organisations have failed.

Embedding risk culture

By David Roche | 28 February, 2012 16:51 | 1 Comment

An observation from the global financial crisis is that organisations with a weak risk culture can experience extensive or even catastrophic damage. Significant investment in risk management people, processes and technology is only part of a sound business risk environment. The key component is the risk culture.

Opinions

Nasty Ruby on Rails vulnerabilities highlight small websites' risk to us all

By Stilgherrian | 11 January, 2013 09:00 | 1 Comment

The revelation of serious long-term vulnerabilities in the popular Ruby on Rails web programming framework is just one of three events in the last 72 hours that have convinced me that improvement in web application security is impossible -- unless both developers and business managers seriously lift their game.

Opinion : Mark Ames discusses "Value for Policy"

By Mark Ames | 08 July, 2011 06:12

Your board and audit committee are looking for reduction in risk exposure driven by your information security policy. Is this something you can track and measure?

Patriot Act, not products, ups Cloud risks for CIOs

By Rodney Gedda | 04 July, 2011 11:39

The global release of Microsoft’s Office 365 last week has raised a simple, sobering thought about dealing with US Cloud providers – they are subject to the US Patriot Act and the data they manage may be accessed by the US government regardless of where it is stored around the world. Before CIOs shun Cloud services altogether, let’s put the news in context.

Social media - part 3

By Breed Lewis | 12 March, 2011 10:00

We like our risk management, don’t we? It allows us to identify risks, and take action to mitigate them. Risk Management can and should be applied to social media usage. It makes good sense to manage the risk by having a very clear social media policy.

CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Trend Micro Mobile Security

Comprehensive enterprise protection for mobile devices

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.