Opinions — News

Unconventional crisis planning

There's not a company worth its salt that hasn’t, at least, given some consideration to crisis planning. Most of our crisis planning is based upon basic risk management strategies. Come up with a bunch of potential scenarios, apply some analysis to get a handle on likelihood and impact, and then come up with mitigation and management strategies.

Anthony Caruana | 10 Apr | Read more

Preparing for an Attack: 5 Tips for Organisations

Even the most security-diligent organisations are realising that breaches are no longer a question of ‘if’ but a question of ‘when.’ Yet many organisations still do not factor the inevitability of compromises into their overall defense strategy, instead focusing on controls to keep every conceivable type of threat at bay. However, the ability to use controls to close every gap attackers can find and reduce the surface area of attack to zero is fundamentally flawed.

Chris Wood | 14 Aug | Read more

Five Key Challenges Facing CSOs Today

2012 has been a tough year for IT security and the trend seems to be continuing into 2013. We have now become accustomed to groups such as Anonymous that have wreaked havoc on a number of large government and corporate organisations. A new frontier in cyber threats has opened. The driver for cyber intrusion is no longer fame, but theft of intellectual property, financial information, blueprints and other classified information for financial gain.

Ashwin Pal | 10 Jul | Read more

Big data and its security implications

There has been a significant amount of talk about big data lately in the media, particularly at the RSA security conference. However, many people are still unclear as to what constitutes big data and, furthermore, what its implications are for us as security professionals. Within this brief article, I shall try and address both these points.

Ashwin Pal | 08 Mar | Read more

Ransomware – a brief overview

There have been a number of ransomware attacks on Australian businesses lately. Awareness of this threat is increasing, but a number of small businesses, in particular, are still in the dark around what this is and how to protect themselves against it. Within this brief article, I shall try and cover both these points.

Ashwin Pal | 08 Mar | Read more

Part 3 Business Continuity and implementation

By implementing a national multi-factor authentication system, Australian citizens will benefit from having the highest levels of online security in the world. This technology may provide a significant competitive advantage to business in securing digital assets and could lead to innovation-based export opportunities. The headlines report massive breaches of information that directly expose our financial systems to grave risk. Australia must set the benchmark in secure digital vigilance to safeguard our information security perimeter from existing and potential threats.

Mike Ryan | 11 Sep | Read more

How CIOs meet growing security threats

When it comes to protecting enterprise data, CIOs and CSOs are at a crossroads. The complexity and prevalence of security threats continue to grow, bolstered by consumer IT and mobility. The open nature of IT has paved the way for far more sophisticated attacks—beyond conventional credit card data theft to multilevel attacks. Information security executives face perhaps the toughest challenge of their careers.

CSO staff | 20 Aug | Read more

Part two – Open standards are the key to building a Federated System

Greater adoption and usage of open standards will lower the costs of MFA. There are a number of open standards in the security market. Reducing the costs to business by using open standards in deploying MFA is a practical, forward-looking strategy. Provisioning MFA has traditionally been costly. With a limited choice of vendors, the drivers for change have moved very slowly. Because of the high implementation and ownership costs, widespread adoption of the technology has been inhibited.

Mike Ryan | 18 Jun | Read more

CSO: the art of catching the board's ear

The success of a CSO and the enterprise’s security strategy depends on awareness at the C-level of not just the threats, but their implications, making communications and building alliances outside IT the key to a CSO’s success. The battle to secure data has become a more vicious and dynamic beast today, according to Mike Rothman, CEO of analyst firm Securosis, who says attackers, including actors who may have “very deep pockets” that tilt the balance of power in their favour. Add these to the chaos of hacktivists, well-organised cybercriminals, social media and Cloud computing, and the challenges that CSOs face in protecting corporate data become clear.

Liam Tung | 18 Jun | Read more

Embedding risk culture

An observation from the global financial crisis is that organisations with a weak risk culture can experience extensive or even catastrophic damage. Significant investment in risk management people, processes and technology is only part of a sound business risk environment. The key component is the risk culture.

David Roche | 28 Feb | Read more

Crypto researcher Arjen Lenstra shares thoughts on paper blasting RSA cryptosystem

What a week for the RSA cryptosystem! A group of prominent researchers published a paper (http://eprint.iacr.org/2012/064.pdf) blasting it as woefully insecure, RSA said there's nothing wrong with the RSA algorithm (http://www.networkworld.com/news/2012/021612-rsa-crypto-256267.html), it's an implementation issue mainly with random-number key generation, and now the cryptography researcher behind the paper, Arjen Lenstra, signs off the week with a few thoughts about it all.

Ellen Messmer | 18 Feb | Read more

Data centres need to lift their standards

The ‘cloud’ has been growing rapidly. Data centres have an increasingly critical role in the supply of effective and efficient cloud-related services, but adoption can be hindered by concerns over data centre security. Having the correct data centre security in place is vital.

Brahman Thiyagalingham | 13 Dec | Read more

The year in review: 2011-2012

2011 has been characterised by highly visible cyber attacks and diversification by cyber criminals to target new platforms; the use of mobile devices for business has come to the fore. 2011 has also seen the UK Government place a heavy focus on the importance of cyber security. The activities of a number of high-profile hacktivist groups, without the financial motives of previous years, have made uncomfortable headlines for many companies, raising cyber security as a topic among a much wider audience.

James Lyne | 13 Dec | Read more

A new focus for IT security?

Phil Vasic, regional director, APAC, at software security firm Clearswift explains why the growing pace of change in Web 2.0 technology and its integration into existing IT infrastructures make the requirement for a clear, effective and workable IT security policy more important than ever before.

Phil Vasic | 07 Dec | Read more

Creating a governance framework for cloud security

Cloud computing is revolutionising the way organisations across the world use technology. Despite the stigma cloud computing has gained following a series of high-profile data breaches, the cloud CAN be secure. Patrick Eijkenboom, principal consultant at NetIQ, discusses the importance of using a governance framework for a secure cloud computing environment, regardless of the model you adopt.

Patrick Eijkenboom | 30 Nov | Read more