Security Leadership


Espionage outpacing financial crime as better reporting improves security picture: Verizon

By David Braue | 23 April, 2014 08:12

Growing data sharing between security and law-enforcement organisations may be improving visibility of the global cybercrime risk, but many Asia-Pacific region companies continue to jeopardise their data with lax security, senior Verizon security executives have warned on the release of the company's latest comprehensive security report.

Packetloop team moves into R&D “Nirvana” as Arbor courts Australian skills

By David Braue | 03 April, 2014 15:25

Australian security-analytics startup Packetloop, purchased in September by global security concern Arbor Networks, has cut the ribbon on a high-tech Sydney R&D lab, with founder Scott Crane believing it will make the company even more attractive to the best of Australia's IT security talent.

As big-data “paupers”, CSOs must identify, work around skills gaps: Schwartz

By David Braue | 23 December, 2013 07:10

“Severely understaffed” corporate IT security organisations need to concede that they can't do everything and undertake a realistic assessment of their capabilities before building partnerships with the companies that can, the global head of security operations with Verizon has warned.

Cost considerations limiting Australian CSOs' decision-making, but shouldn't be: survey

By David Braue | 20 December, 2013 10:53 | 1 Comment

Australian CSOs' decision-making was driven more by economic conditions in 2013 than any other factor, according to a recent survey that also found bring your own device (BYOD) strategies continue to represent the biggest security headache for information-security executives.

NBN Co PSPF compliance and the ASD’s Top 4: Malcolm Shore

By Mark Wheeler | 26 November, 2013 09:50

NBN Co is now nearly two years into its Protective Security Policy Framework (PSPF) compliance program, and has come a long way from when it started, says Dr Malcolm Shore, principal security officer at NBN Co.


WatchGuard XCS770R Email Security Appliance Review

By Enex Testlab | 22 June, 2011 20:04

In order to improve productivity and minimise risk, most organisations need a reliable method of protecting their employees from unwanted email (spam) and malicious software (malware). In addition, it is also necessary to protect the corporate network by restricting access to inappropriate content.


9 tips, tricks and must-haves for security awareness programs

By Joan Goodchild | 21 June, 2013 14:53

What are the essential ingredients for making a security awareness program successful? Check out these 9 tips from CSO contributors on how to make awareness work in your organization.

Barack Obama’s security circus arrives in Oz: In Pictures

By Neerav Bhatt | 18 November, 2011 09:18

After jumping through countless hoops to get the required set of security clearances and approval by the US Embassy to photograph the President’s visit CSO can see why these steps were justified.

Our photojournalist Neerav Bhatt was less than 5 metres away from the world’s most heavily secured individual - the President of the United States of America, Barack Obama.

The Security Industry All-Stars

By Ellen Messmer | 02 November, 2011 11:53

Welcome to the Security All-Stars! Here we have assembled our list of top players in information security who year after year demonstrate the specialized skills that make them worth listening to.

In pictures: The first 24 hours of Focus11

By Hamish Barwick | 20 October, 2011 10:07

After a day of keynotes including insights from Virgin founder, Sir Richard Branson, and break out sessions with McAfee staff, delegates were keen to let their hair down in sunny Las Vegas.

With music and humour from a Rat Pack tribute act (Frank Sinatra, Sammy Davis Junior and Dean Martin), and the lure of the tables at the Palazzo hotel/ casino, there was plenty to keep staff and customers entertained well into the night.

2011 State of the CSO

By CSO staff | 22 September, 2011 10:00

More budget? Perhaps a little. More attention from senior management? Yes, a bit. Better results? That's not so clear.


Opinion:Random Hacks of Kindness (RHoK) Melbourne – an extraordinary collaboration for good

By Jane Treadwell | 14 July, 2011 21:53

A marathon hack event held over a June weekend in Melbourne attracted more than 50 developers and designers, and a dozen subject matter and technical experts to ‘hack for humanity’. They volunteered their time to create open source solutions for communities impacted by natural disasters and climate change. These prototypes are available to assist in disaster relief planning, emergency management and community recovery.

Information security in 2011

By James Hutchinson | 19 January, 2011 10:36

C-level executives are more aware than ever about threats to information security.

Cloud security: how to protect your data

By CSO staff | 14 June, 2011 21:17

To use Cloud computing securely requires companies to know where their data is stored and who has access to it. Ironically, the reason Cloud is so popular is because organisations don't want to worry about these details.

So can the issue be solved by adhering to standards? Increasing legislation? Maybe we need a global technical disaster to ‘sober up’ an industry drunk on the power of Moore's Law.


Nasty Ruby on Rails vulnerabilities highlight small websites' risk to us all

By Stilgherrian | 11 January, 2013 09:00 | 1 Comment

The revelation of serious long-term vulnerabilities in the popular Ruby on Rails web programming framework is just one of three events in the last 72 hours that have convinced me that improvement in web application security is impossible -- unless both developers and business managers seriously lift their game.

Information Security Awareness — why isn’t it working?

By Davina O'Dell | 20 February, 2012 09:08

It’s not a secret, public and private sector organisations know the current approach to Information Security Awareness isn’t working because User Awareness jumped to 8th place, up from 31st on the 2011 Defence* Signals Directorate, Top 35 Strategies to Mitigate Targeted Intrusions.

Opinion: Fighting the botnet threat

By Peter Coroneos | 22 July, 2011 17:01

ISPs in Australia have for some time been notifying users about the likelihood that their computers have been compromised by malware. Now under the icode, the system has been formalised. Education and remediation tools are being made available to suspected victims.

Opinion: Cyber-Security – Stay Smart Online

By Sabeena Oberoi | 15 July, 2011 14:17

Australians are increasingly relying on the internet in their everyday lives, from banking and shopping, through to using emails, social networking and blogs to keep in touch with family and friends. They are using a range of devices such as smart phones, tablets, computer game consoles and other devices to go online.

Opinion: How safe is your customer identity data?

By Anton Koren | 14 July, 2011 22:52

Some of the world’s largest corporations have recently fallen victim to hacking attacks and identify data theft, while other online businesses have been compromised and sidelined for days or weeks, losing millions of dollars in revenue and suffering significant reputational damage. It’s never been more important for companies to act in order to avoid becoming the next victim of identity data theft.

CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Trend Micro Data Loss Prevention

Comprehensive Data Loss Prevention Lowers Cost and Complexity

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).

  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.