Social media security: Three things to do, and three to avoid
Social media is sometimes regarded as a double-edged sword.
Phil Vasic | 30 Nov | Read more
Juniper Networks' Tim Nagy speaks to CSO Australia.
The aim of this article is to provide companies that offer outsourced services (dealing with the management of information) some tangible, commercial benefits to go down the ISMS implementation and certification path.
Mark Jones | 13 Sep | Read more
Talk about disconnect! Analysts, security engineers and other infosec geeks aim for Swiss-watch precision, because one little mistake means the bad guys win. We want people to take this seriously, right? So why do certain marketing and PR departments spread a load of what my father, a man more polite than me, would have called "bulldust"?
Stilgherrian | 13 Sep | Read more
I have created my own interpretation of what a good pragmatic Security Operations Model (SOM) would look like. This has been adapted from a number of Security Frameworks and Industry Good Practices like ITIL, COBIT, NIST, OCTAVE, OWASP and the ever present ISO 27001/2 all of which have an input into the structure and makeup of an effective security operations framework or security operations model.
Puneet Kukreja | 13 Sep | Read more
Cybercrime today is run as a business, with ROI, user support, clear hierarchies and business plans. One aspect of this type of business is the high rate of innovation, leading to new technical advances in cybercrime proliferation.
Robert Layton | 07 Sep | Read more
Every year sees an increase in usage of the Internet. Broadband penetration rises. More websites are created. Businesses grow by sharing information with their partners. This desire to reach the masses and provide goods and services cheaper and faster than their competitors often means trade-offs are made. These trade-offs typically involve trading accessibility for security.
Jarrod Loidl | 07 Sep | Read more
Since the outbreak of civil unrest in the Middle East, we have seen an increased focus on the role played by social networking and mobility. When these two technologies are combined, the ability of a ‘flash mob’ to rally behind a single idea, or to a single location, has greatly increased.
Rob Forsyth | 05 Sep | Read more
Technology is a wonderful thing but while the majority of people will use it for proper and honest purposes, there will always be a small percentage who will use it for unethical reasons. And this is an important point to make – people use the technology for illegal or immoral purposes; the technology itself is not the issue.
Neil Gaughan | 05 Sep | Read more
Operation Shady RAT, Operation Aurora, Operation Night Dragon: these sound like names out of a WikiLeaks memo or, even more, a Hollywood action blockbuster. Sadly not; these are the three names that have done the rounds in the last 2 – 3 years, where the information security defenses of organizations were not only breached but data assets were stolen for sure.
Puneet Kukreja | 31 Aug | Read more
“Better the devil you know than the devil you don't”. No matter how bad something is, knowing about it is half the battle won. So when something new comes along, like IPv6, its very newness is an issue.
Despite my obsession with social media and constantly telling people where I am and what I'm doing, I pride myself as being a generally careful person with my personal data both online and in the non-web world.
Lisa Banks | 22 Aug | Read more
For years, professionals of the information security industry have been advising and using risk-based approaches to securing organisations and their information assets. This has been the received wisdom for so long that this is now encompassed in industry standards, such as ISO 27001, FIPS 200, etc.
Charles Wale | 19 Aug | Read more
Organisations invest a lot of time, money and effort in collecting, storing and mining data to derive positive outcomes for their business.
Murray Goldsmith | 13 Aug | Read more
With a career in IT longer than I am willing to admit (suffice to say that it all began in a time when dinosaurs ruled the earth!), I am a relatively recent recruit to the Information Security profession. Not that the concept of security was new or strange, after all, security has been a function of IT for as long as I’ve been around.
Sue Strodl | 15 Aug | Read more
Recent publicity for online hacking groups such as Anonymous and Lulzsec has seemed to show that nobody is immune from attack on the Internet. Once targeted, it seems that these groups are capable of breaching security systems and retrieving data, including identity information, from the most secure systems.
Robert Layton | 13 Aug | Read more
Enterprise Security Architecture for an organisation as a discipline is required to outline an enterprise-wide, risk-driven approach to information security and deliver infrastructure solutions in response to the organisation's threat profile. Enterprise Security Architecture is required to drive and support the standardisation and management of an organisation's information security discipline.
Puneet Kukreja | 10 Aug | Read more
Many IT managers and their teams treat an audit of their IT function as if it was a trip to the dentist for a root canal. More informed operators will realize that IT audit, particularly internal audit, can assist them in gaining visibility with management of known and often ignored issues and securing funding and management commitment. The following are tips to help you get the most out of an IT audit of your IT security by avoiding disruption, piecemeal activities and duplication of effort.
Matthew Hackling | 29 Jun | Read more