Security Industry — News

Infosec's mega marketing misalignment mishap

Talk about disconnect! Analysts, security engineers and other infosec geeks aim for Swiss-watch precision, because one little mistake means the bad guys win. We want people to take this seriously, right? So why do certain marketing and PR departments spread a load of what my father, a man more polite than me, would have called "bulldust"?

Stilgherrian | 13 Sep

Security Operations the Final Frontier – Part II

I have created my own interpretation of what a good pragmatic Security Operations Model (SOM) would look like. This has been adapted from a number of Security Frameworks and Industry Good Practices like ITIL, COBIT, NIST, OCTAVE, OWASP and the ever-present ISO 27001/2, all of which have an input into the structure and makeup of an effective security operations framework or security operations model.

Puneet Kukreja | 13 Sep

A summit everyone on the Internet needs to climb.

October 17 marks the start of the two-day Australian IPv6 Summit, to be held in Melbourne. This year the event returns to the Sebel Hotel in Albert Park, with a speaker line-up that reads like a who’s who of the networking industry in the APAC region. The event promises to continue the evangelisation of IPv6 — the next generation of Internet Protocol that we are eventually going to need whether we like it or not.

Matt Tett | 13 Sep

How Hacktivism Affects Us All

In December 2010, a group of nearly 3000 activists under the name "Operation Payback" launched online attacks (http://www.pcworld.com/businesscenter/article/212701/operation_payback_wikileaks_avenged_by_hacktivists.html) against PayPal, MasterCard, and Visa, briefly knocking the three financial services' sites offline and preventing consumers from accessing ATMs or online banking services. The activists retaliated against the three companies for severing ties with WikiLeaks, an online repository for whistleblower data that had recently included thousands of secret communications from the U.S. State Department and other world governmental agencies. Nine months later more than a dozen people--most between the ages of 19 and 24--were arrested in connection with these denial-of-service (DoS) attacks, even as new attacks were hitting corporate, military, and government sites worldwide.

Robert Vamosi | 07 Sep

Accessibility Trumps All

Every year sees an increase in usage of the Internet. Broadband penetration rises. More websites are created. Businesses grow by sharing information with their partners. This desire to reach the masses and provide goods and services cheaper and faster than their competitors often means trade-offs are made. These trade-offs typically involve trading accessibility for security.

Jarrod Loidl | 07 Sep

Sony plucks first CISO from US Dept of Homeland Security

Sony has named US government cyber security czar Phillip Reitinger its first chief information security officer (CISO). The newly filled post was one of Sony’s key responses to its first major customer data breach, in which 77 million customers' personal details were compromised.

Liam Tung | 07 Sep

Security 2011 show hits Sydney: Gallery

The Australian Defence Force (ADF) has the primary purpose of defending Australia against armed attack such as the Japanese air raids on Darwin and northern Australia during WWII. It also participates in UN peacekeeping, operations with allies such as the USA and disaster relief. In essence the ADF is a form of “insurance” against security threats to our nation.

Neerav Bhatt | 25 Aug

Report: Spam is at a two-year high

Spam - particularly the kind with malicious attachments - is exploding, reaching a two-year high overall, which includes the spike last fall just before the SpamIt operation folded its doors, a security firm says.

Tim Greene | 18 Aug

Opinion: Information Security - Shaping the Future

With a career in IT longer than I am willing to admit (suffice to say that it all began in a time when dinosaurs ruled the earth!), I am a relatively recent recruit to the Information Security profession. Not that the concept of security was new or strange; after all, security has been a function of IT for as long as I’ve been around.

Sue Strodl | 15 Aug

Opinion: Breadth First Hacking

Recent publicity for online hacking groups such as Anonymous and Lulzsec has seemed to show that nobody is immune from attack on the Internet. Once targeted, it seems that these groups are capable of breaching security systems and retrieving data, including identity information, from the most secure systems.

Robert Layton | 13 Aug

Opinion: Enterprise Security Architecture as a discipline – the three viewpoints.

Enterprise Security Architecture for an organisation as a discipline is required to outline an enterprise-wide risk-driven approach to information security and deliver infrastructure solutions in response to the organisation's threat profile. Enterprise Security Architecture is required to drive and support the standardisation and management of an organisation's information security discipline.

Puneet Kukreja | 10 Aug