A series of dynamic technical talks at the inaugural CSO Australia-AWSN Women in Security conference highlighted the innovative perspectives and problem-solving nous that women bring to cybersecurity roles.
David Braue | 04 Sep | Read more
New EU law aims to raise cybersecurity standards across borders.
Organisations are leaving themselves exposed by failing to demand adequate security protections when buying new technology, according to a senior Cisco executive who warned that security and networking specialists must work together better to close persistent gaps.
David Braue | 05 Mar | Read more
Businesses wanting to improve their security practice need to reconsider the way they position cybersecurity within their business philosophy, a security analyst has told an audience of security practitioners while warning that the persistence of “terrifying” images of cybersecurity practitioners had challenged the progression of cybersecurity into becoming a mainstream business concern.
David Braue | 05 Mar | Read more
While spending on cybersecurity expertise would seem to be a no-brainer, the large number of companies without formal inhouse expertise suggests another ongoing, underlying challenge in finding and securing those skills within the current competitive market.
By CSO staff | 22 Feb | Read more
More than a third of reported Australian data breaches are due to human error, the Office of the Australian Information Commissioner (OAIC) has revealed as it released its first full-quarter statistical report about the functioning of the new Notifiable Data Breaches (NDB) scheme.
David Braue | 31 Jul | Read more
Users tend to receive the most emails with malicious attachments on Thursdays and they’re most likely to click on messages in the morning purporting to be from the local postal service, according to an analysis of email attacks that has reinforced the importance of time and human factors for cybersecurity protection.
David Braue | 08 Jun | Read more
On 22 February 2018, new laws mandating businesses to report the leak of personal identifiable information (PII) to the Office of the Australian Information Commissioner (OAIC) come into effect. During this year’s AusCERT conference Ben Di Marco and Matthew Pokarier walked through this new law and what it means for businesses.
Anthony Caruana | 08 Jun | Read more
Australian IT experts are struggling to secure increasingly complex networks and increasing compliance pressure isn’t providing enough incentive for change, a security expert has warned as looming breach-notification legislation threatens to publicly expose poor risk management practices and their consequences.
David Braue | 08 Jun | Read more
Even as one-time Internet giant Yahoo is swallowed in a $6.5 billion acquisition, merger and acquisitions (M&A) experts have warned that due-diligence audits of companies targeted for acquisition often reveal cybersecurity risks that compromise compliance and could threaten the merger and acquisition activities.
David Braue | 01 Aug | Read more
Twitter has suspended at least two accounts that were spreading links to spyware aimed at people who sympathise with terrorists.
Victoria’s Commissioner for Privacy and Data Protection, David Watts has issued the Victorian Protective Data Security Standards (VPDSS).
Rohan Pearce | 27 Jul | Read more
If enterprises want to understand how they can better invest in security defenses, build the necessary processes to respond to attacks, and mitigate the risks of a breach they need to get threat intelligence right.
George V. Hulme | 04 Apr | Read more
Security researchers have blown the whistle on an app that should arguably never have been published for Google’s one-billion-plus Android users on Google Play.
Australian ICT security specialists are earning less than ICT sales professionals, network specialists, telecommunications engineers, and other skilled ICT professionals, a new Australian Computer Society (ACS) analysis has found.
David Braue | 09 Jul | Read more
Australia may be the world's fourth-largest holder of network-security patents, but its Telecommunications companies and government agencies are the least trusted industries when it comes to protecting user data, a new survey has found. Case in point: the besieged US Office of Personnel Management – already hit with a class-action suit over the recent breach of data on US government employees – which took a key system offline after a security flaw was identified in a Web-based background-check system.
David Braue | 06 Jul | Read more
Along with death and taxes, security compliance programs are becoming one of the unavoidable facts of life for many of us. That means someone has to create a compliance program so you can monitor and put appropriate controls in place around information security.
Anthony Caruana | 05 Jun | Read more
NBN Co is now nearly two years into its Protective Security Policy Framework (PSPF) compliance program, and has come a long way from when it started, says Dr Malcolm Shore, principal security officer at NBN Co.
Mark Wheeler | 26 Nov | Read more
What’s the most important factor of a successful security program? Technology such as endpoint protection? Making sure your change management processes and system development life cycle includes consideration of security risks? Strong policies? Not quite.
Wayne Chung | 02 Feb | Read more
As a CSO and CIO you may be wondering why I crafted a diagnostic related to understanding your most critical web products. The original purpose of the diagnostic was to discern which applications and how applications are ported successfully to a service provider's cloud. The diagnostic determines which cloud IaaS products (storage components, network components, and virtualization machines) are needed for an application. It addresses the platform components (server/operating system and web server) in the PaaS layer. Lastly, it focuses on the SaaS software application.
Gregory Machler | 05 Aug | Read more