IT Audit — News

BYOD programs almost always problematic, security managers warn

It's no secret that IT managers are concerned about the security implications of mobile devices, but a new Check Point Software Technologies survey has confirmed just how bad the problem has become: the majority of local respondents say rapidly increasing numbers of mobile devices are driving a significant jump in security issues.

David Braue | 10 Nov

The week in security: Security concerns as Australia moves towards data retention

Consumers are more concerned about credit-card security than they are about their own health, a new survey has concluded. Take it as an indictment of our consumer culture or an indication that our overall health is good, but with California alone reporting a six-fold increase in data breaches the threat is getting bigger all the time. With cybercriminals having developed a tool to optimise their use of stolen credit cards, things are likely to get worse before they get better.

David Braue | 03 Nov

The week in security: Snapchat, Dropbox deny culpability for photo, account leaks

Some 100,000 photos taken from Snapchat users weren't the service's fault, although some observers were seizing on the leak to argue for an improvement in security by Snapchat and other online services. Ditto Dropbox, which was also denying it was to blame after hackers published what they claimed were excerpts from 7 million Dropbox credentials; the cloud-storage giant blamed a third-party service for the leak, but security experts were still using the event to push their case for users to adopt two-factor authentication – particularly given that cloud security and ubiquitous identity for cloud services is still over a year away.

David Braue | 21 Oct

Identity is the Key to Security

Security is big business these days. With our old approach of blocking everyone at the border failing - mainly because no-one knows where the border is anymore - a risk-based approach is driving the way businesses think about their information and systems security.

Anthony Caruana | 22 Oct

Being FIRST in Information Security

Peter Allor is the Lead Security Strategist in IBM's Critical Infrastructure Group. He works at the forefront of information security, working with researchers to look at events, as they happen, to learn about new techniques that are being adopted by attackers from a protection perspective and how to deal with those across distributed computing in the cloud. He is also on the board of directors of FIRST - the Forum of Incident Response and Security Teams - and ICASI - the Industry Consortium for Advancement of Security on the Internet.

Anthony Caruana | 16 Oct

ASD security certification to boost Azure's Australian cloud: MS

Microsoft's Azure platform-as-a-service (PaaS) offering to Australian standards has taken a big step forward in the local market with the announcement that an audit of the company's Australian facilities has confirmed they meet Australian Signals Directorate (ASD) security standards for the transmission of government information.

David Braue | 07 Oct

IT Audit Survey Exposes Weak Risk Assessment

Even in the face of costly and embarrassing corporate security breaches, one in four companies fails to conduct any IT risk assessment. And 42% say there are areas of their information technology audit plans that cannot be addressed because of a lack of resources and expertise.

Roy Harris | 06 Oct

Fail a security audit already -- it's good for you

Failing an audit sounds like the last thing any company wants to happen. But that's because audits are seen by many as the goal of a security program. In reality, audits are only the means of testing whether enforcement of security matches the policies. In the broader context, though, an audit is a means to avoid a breach by learning the lesson in a "friendly" exercise rather than in the real world. If the audit is a stress-test of your environment that helps you find the weaknesses before a real attack, you should be failing an audit every now and then. After all, if you're not failing any audits there are two possible explanations:

Andreas M. Antonopoulos | 05 Oct