NBN Co is now nearly two years into its Protective Security Policy Framework (PSPF) compliance program, and has come a long way from when it started, says Dr Malcolm Shore, principal security officer at NBN Co.
The widely used ISO/IEC 27001 information-security standard has gotten an overhaul, with standards management and training organisation BSI Group Australia and New Zealand publishing revised versions of the international standard.
Security firm Clearswift has acquired endpoint solutions developer Jedda Systems for an undisclosed sum.
Arbor Networks has acquired Australian security analytics firm Packetloop and is set to hire 12 new staff for a Sydney research and development centre.
IT risk management is viewed as just another compliance burden by business stakeholders, according to the results of an ISACA Australia whitepaper.
In order to improve productivity and minimise risk, most organisations need a reliable method of protecting their employees from unwanted email (spam) and malicious software (malware). In addition, it is also necessary to protect the corporate network by restricting access to inappropriate content.
What are the essential ingredients for making a security awareness program successful? Check out these 9 tips from CSO contributors on how to make awareness work in your organization.
After jumping through countless hoops to get the required set of security clearances and approval by the US Embassy to photograph the President’s visit CSO can see why these steps were justified.
Our photojournalist Neerav Bhatt was less than 5 metres away from the world’s most heavily secured individual - the President of the United States of America, Barack Obama.
Welcome to the Security All-Stars! Here we have assembled our list of top players in information security who year after year demonstrate the specialized skills that make them worth listening to.
After a day of keynotes including insights from Virgin founder, Sir Richard Branson, and break out sessions with McAfee staff, delegates were keen to let their hair down in sunny Las Vegas.
With music and humour from a Rat Pack tribute act (Frank Sinatra, Sammy Davis Junior and Dean Martin), and the lure of the tables at the Palazzo hotel/ casino, there was plenty to keep staff and customers entertained well into the night.
More budget? Perhaps a little. More attention from senior management? Yes, a bit. Better results? That's not so clear.
A marathon hack event held over a June weekend in Melbourne attracted more than 50 developers and designers, and a dozen subject matter and technical experts to ‘hack for humanity’. They volunteered their time to create open source solutions for communities impacted by natural disasters and climate change. These prototypes are available to assist in disaster relief planning, emergency management and community recovery.
C-level executives are more aware than ever about threats to information security.
To use Cloud computing securely requires companies to know where their data is stored and who has access to it. Ironically, the reason Cloud is so popular is because organisations don't want to worry about these details.
So can the issue be solved by adhering to standards? Increasing legislation? Maybe we need a global technical disaster to ‘sober up’ an industry drunk on the power of Moore's Law.
The revelation of serious long-term vulnerabilities in the popular Ruby on Rails web programming framework is just one of three events in the last 72 hours that have convinced me that improvement in web application security is impossible -- unless both developers and business managers seriously lift their game.
It’s not a secret, public and private sector organisations know the current approach to Information Security Awareness isn’t working because User Awareness jumped to 8th place, up from 31st on the 2011 Defence* Signals Directorate, Top 35 Strategies to Mitigate Targeted Intrusions.
ISPs in Australia have for some time been notifying users about the likelihood that their computers have been compromised by malware. Now under the icode, the system has been formalised. Education and remediation tools are being made available to suspected victims.
Australians are increasingly relying on the internet in their everyday lives, from banking and shopping, through to using emails, social networking and blogs to keep in touch with family and friends. They are using a range of devices such as smart phones, tablets, computer game consoles and other devices to go online.
Some of the world’s largest corporations have recently fallen victim to hacking attacks and identify data theft, while other online businesses have been compromised and sidelined for days or weeks, losing millions of dollars in revenue and suffering significant reputational damage. It’s never been more important for companies to act in order to avoid becoming the next victim of identity data theft.
Sign up now »
Protect resources and ensure security compliance through incident detection, response, and remediation.
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.