Security Leadership
News
AusCERT 2013: Unmanaged, unknown privileged logins opening the door for APTs: Cyber-Ark
Many companies find out the hard way that poorly managed distribution of sensitive access credentials is helping advanced persistent threats (APTs) scour networks for privileged-user credentials, Cyber-Ark’s Asia-Pacific vice president Dan Dinnar has warned.
AusCERT 2013: Companies unaware of IPv6 security risk even if they’re not using it
Software vendors’ proactive approach to IPv6 has created a glaring security hole for companies that think they haven’t activated the next-generation Internet addressing protocol yet, Cisco Systems consulting security engineer Stefan Avgoustakis has warned.
AusCERT 2013: Visibility critical when selling IT security to execs, says Foxtel CSO
Hard-to-find security skills and the rapid pace of malware evolution make a strong relationship with a managed security services (MSS) provider as important as maintaining the internal tools to keep business executives apprised of IT-security risk, Foxtel information security manager Kevin Shaw has advised.
AusCERT 2013: NBN users need security professionals’ help, says Google
Google has urged security professionals to help Australians stay safe on the National Broadband Network (NBN).
Australian Information Security Association issues blunt warning as National Cyber Security Awareness Week begins
Australian Information Security Association (AISA) has today, on the first day of National Cyber Security Awareness Week, taken the opportunity to flag research from its members, releasing an advisory note to the community at large.
Reviews
WatchGuard XCS770R Email Security Appliance Review
In order to improve productivity and minimise risk, most organisations need a reliable method of protecting their employees from unwanted email (spam) and malicious software (malware). In addition, it is also necessary to protect the corporate network by restricting access to inappropriate content.
Slideshows
Barack Obama’s security circus arrives in Oz: In Pictures
After jumping through countless hoops to get the required set of security clearances and approval by the US Embassy to photograph the President’s visit CSO can see why these steps were justified.
Our photojournalist Neerav Bhatt was less than 5 metres away from the world’s most heavily secured individual - the President of the United States of America, Barack Obama.
The Security Industry All-Stars
Welcome to the Security All-Stars! Here we have assembled our list of top players in information security who year after year demonstrate the specialized skills that make them worth listening to.
In pictures: The first 24 hours of Focus11
After a day of keynotes including insights from Virgin founder, Sir Richard Branson, and break out sessions with McAfee staff, delegates were keen to let their hair down in sunny Las Vegas.
With music and humour from a Rat Pack tribute act (Frank Sinatra, Sammy Davis Junior and Dean Martin), and the lure of the tables at the Palazzo hotel/ casino, there was plenty to keep staff and customers entertained well into the night.
2011 State of the CSO
More budget? Perhaps a little. More attention from senior management? Yes, a bit. Better results? That's not so clear.
Features
Opinion:Random Hacks of Kindness (RHoK) Melbourne – an extraordinary collaboration for good
A marathon hack event held over a June weekend in Melbourne attracted more than 50 developers and designers, and a dozen subject matter and technical experts to ‘hack for humanity’. They volunteered their time to create open source solutions for communities impacted by natural disasters and climate change. These prototypes are available to assist in disaster relief planning, emergency management and community recovery.
Information security in 2011
C-level executives are more aware than ever about threats to information security.
Cloud security: how to protect your data
To use Cloud computing securely requires companies to know where their data is stored and who has access to it. Ironically, the reason Cloud is so popular is because organisations don't want to worry about these details.
So can the issue be solved by adhering to standards? Increasing legislation? Maybe we need a global technical disaster to ‘sober up’ an industry drunk on the power of Moore's Law.
Opinions
Nasty Ruby on Rails vulnerabilities highlight small websites' risk to us all
The revelation of serious long-term vulnerabilities in the popular Ruby on Rails web programming framework is just one of three events in the last 72 hours that have convinced me that improvement in web application security is impossible -- unless both developers and business managers seriously lift their game.
Information Security Awareness — why isn’t it working?
It’s not a secret, public and private sector organisations know the current approach to Information Security Awareness isn’t working because User Awareness jumped to 8th place, up from 31st on the 2011 Defence* Signals Directorate, Top 35 Strategies to Mitigate Targeted Intrusions.
Opinion: Fighting the botnet threat
ISPs in Australia have for some time been notifying users about the likelihood that their computers have been compromised by malware. Now under the icode, the system has been formalised. Education and remediation tools are being made available to suspected victims.
Opinion: Cyber-Security – Stay Smart Online
Australians are increasingly relying on the internet in their everyday lives, from banking and shopping, through to using emails, social networking and blogs to keep in touch with family and friends. They are using a range of devices such as smart phones, tablets, computer game consoles and other devices to go online.
Opinion: How safe is your customer identity data?
Some of the world’s largest corporations have recently fallen victim to hacking attacks and identify data theft, while other online businesses have been compromised and sidelined for days or weeks, losing millions of dollars in revenue and suffering significant reputational damage. It’s never been more important for companies to act in order to avoid becoming the next victim of identity data theft.
Get exclusive access to CSO, invitation only events, reports & analysis. - 1
AusCERT 2013: Cloud-based scanner identifies new malware by its ancestry
- 2
Dell targets ANZ security opportunities as SecureWorks debuts locally
- 3
AusCERT 2013: Users, cats more likely hack culprits than cyber-espionage: Trustwave
- 4
AusCERT 2013: Ashley Deuble: Network Security Monitoring with Security Onion
- 5
AusCERT 2013: International cyberwar response more complex than geopolitical treaties: NATO CCD COE analyst
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
Warning: Tips for secure mobile holiday shopping
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.
