1. Make it clear that the policy is not about playing ‘Big Brother’ but about ensuring the security of employees, company information and data, and safeguarding the company’s reputation.
2. Invest time to get buy-in from managers and their teams.
3. Convey the message of flexibility – with regard to social media, it is not about blocking staff usage but working in everyone’s interests to ensure that threats are contained.
4. Introduce a regular company-wide training programme that everyone attends at regular intervals throughout the year, not merely as part of an induction programme.
5. Within the training programme, make sure that there are specific examples to demonstrate each rule or regulation, and that there is a clear explanation of the dangers of casual or careless talk on social networking sites. Again, use examples: employees need to understand the consequences of making a throwaway comment that has negative connotations for the business, as much as they need to be aware of the dangers of making a more direct but ill-considered attack on a competitor, regulator or even a fellow colleague. They need to be clearly advised on any impact on the company and/or legal action or inquiries that may be raised as a result.
6. Alert employees to any changes in policy through regular clear communication.
7. Reinforce the operational policy guidelines regularly, covering everything from blogging to Facebook, LinkedIn and Twitter.
8. Ensure that the rules are fair and that they apply throughout the business.
9. Enforce the rules – if there is a deliberate or malicious contravention, disciplinary action needs to be taken. A policy isn’t worth having if it is seen to be lax and unenforced.
10. Review the policy regularly to ensure you keep up to date with new systems and technology.
Phil Vasic is Regional Director, APAC, at Clearswift, the software security company www.clearswift.com
7 Ways to Protect Your Business Printers
Can a hacker burn down your business by remotely setting one of your printers on fire? Researchers at Columbia University have recently proposed such a scenario, although HP quickly denied that it's possible. However, even if your printers can't be used as remote firestarters, there are many risks involved in networking a printer.