Features
- +
Ticked Off at Tick the Box Mentality 04 February, 2008 13:01:15
Does your executive search firm know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?Does your executive search firm know its MIS managers from its elbow? Does it even know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients? - +
Your World. . . Hacked 02 October, 2007 10:51:23
As your business becomes more collaborative and global, the risks to your company’s trade secrets rise proportionally. Fortunately, there are new strategies to protect the data that allows you to competeThe call to Bob Bailey, an IT executive with a major US government contractor, came on an otherwise ordinary day in October 2003. "Why are you attacking us?" demanded the caller, an IT leader with a Silicon Valley manufacturer. He wanted to know why Bailey's company had launched a denial-of-service attack against his network - +
The Declaration of Interdependence 03 September, 2007 15:02:56
The world has changed. You can’t deny employees the freedom to use consumer applications at work. Here’s how to live with and profit from themDigital cameras didn't creep up on the Drees company as much as they pounced. Five years ago a lot of employees at the $US1.1 billion real estate company weren't even using computers. Today, those same employees are responsible for one of the company's more innovative uses of technology - +
Doing Your Sums on . . . Build, Buy or Rent 05 November, 2007 13:32:30
You’re trying to build a world-class IT team, but everyone’s going after the same talent pool. What mix works best? Should you grow your own, draft your players or barter your way to the line-up you want to field?CIOs should never forget that while new technologies have a maturity cycle, the maturity cycle for human beings in IT is even longer - +
Reconcilable Differences 06 August, 2007 13:03:30
Companies that ignore IT during a merger or acquisition do so at their own peril. Without a carefully considered and well-managed road map, IT risks an imperfect integration, loss of key staff, business disruption, and an unnecessarily complex environmentThe health-care company had been planning to install a state-of-the-art system, which would have been all but guaranteed to slash operational costs. It had completed the preliminary research, selected a system and begun the implementation process
- +
Adobe launches hosted services, adds Flash to Acrobat 03 June, 2008 09:02:44
Adobe to launch Web site offering users free hosted services for document creation, sharing and storageAdobe this week is set to unveil the next version of its Adobe Acrobat software, which adds support for the company's Flash multimedia technology. The company also plans to launch a new Web site offering users free hosted services for document creation, sharing and storage. - +
Dark secrets, ugly truths: When ethics and IT collide 18 September, 2007 09:56:03
With IT's unfettered access to both professional and personal data, should "follow your conscience" be part of the job description?It still weighs heavily on Bryan's mind, what he found on that executive's computer, especially when he thinks of his own daughters. He's particularly troubled that the man he discovered using a company computer to view pornography of Asian women and of children was subsequently promoted and moved to China to run a manufacturing plant. - +
How to think like an online con man 02 October, 2007 09:17:35
An enterprise is only as secure as the weakest human link. Here's how to use social engineering to test security defenses.Con job, pretexting, social engineering -- the art and science of manipulating human beings for nefarious ends -- goes back as far as the origin of the species. The techniques have been practiced and perfected by a rogue's gallery of flimflam artists, from legendary carnival operator P. T. Barnum to infamous FBI mole Robert Hanssen.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Newsletter Subscription
Believe it or not, a data breach isn't the worst thing that could happen to your organization. Reacting poorly to the incident could be, however.
Experts agree every organization that stores personal or financial information about customers, partners or employees or that has intellectual property in electronic form should be considered a target — that's arguably just about every organization doing business. Instead of assuming data breaches happen only to large financial services companies or retailers, companies large and small in every industry should be prepared to react to help minimize damage and quickly restore customer confidence, they say.
"It makes all the difference in the world" if a company is prepared to respond to a data breach or other type of cyberintrusion, says Tom Bowers, managing director of Security Constructs, a security services firm based in the US.
Here is a list of what companies should do and what they should avoid doing in the case of a data breach, besides putting a computer-emergency response team in place to react to such incidents.
The list is compiled from interviews with consultants and security experts who have had to deal with these incidents or who have been called in to help companies immediately following an attack:
DO confirm and contain the problem.
This seems obvious, but in the stress and confusion of the moment, the importance of knowing exactly what happened can get lost. Once evidence of a potential data breach has been uncovered (customers complaining of fraud alerts on their credit cards, server logs showing unauthorized access to sensitive data, and so forth) security professionals should work with the IT team to determine whether a breach happened and how it happened, and to fix the weakness if possible.
"You need immediate containment; that's where the network and system folks jump in, and you need to let that team do its job," says Ed Zeitler, executive director of the International Information Systems Security Certification Consortium and former CISO of Charles Schwab.
DON'T contaminate the crime scene.
Decide whether the IT team can plug the security leak without modifying the computers from which the data was stolen; if not, call in security experts — preferably a company you have hired beforehand and have put on retainer to help in case of an incident. While this may delay reacting to an incident, it could help your company down the road.
"Often we see [an incident] could be an open-and-shut case, but the company muddied up the crime scene and so law enforcement won't achieve prosecution," says Bryan Sartin, vice president of investigative response with security services provider Cybertrust, which in May Verizon Business announced plans to acquire.
DO communicate with and rely on other departments.
You don't want legal counsel involved to the point that they are combing through log files, but security professionals who alert other key departments — legal, compliance, human resources, public relations, marketing and of course, the executive team — will put themselves on a better footing if they alert key departments in the breach's early stages, rather than at a point that could be construed as after-the-fact.
What's more, security professionals should rely on all these resources for help in the case of a breach. "The security person shouldn't feel they own the responsibility of what steps to take for the company; they should leverage resources and collaborate," says Randy Barr, CSO of WebEx, a conferencing and collaboration services provider that Cisco in March 2007 announced it plans to acquire. Because responding to a data breach is a multifaceted process that can include alerting customers, issuing press releases, dealing with regulators and possibly even litigation, security professionals should leverage the resources available to them, he says.
"Security is not 100 percent; you're in a race to protect yourself and your customer data. The biggest thing is not having to rely on your security program to address [all] the issues," Barr says.
DON'T go on the defensive.
"You need to keep an open mind," says an investigation manager with a US financial services company who has been called in to help his company's partners deal with security incidents, and who asked that his name and his company's name not be used. "A lot of times these guys are walking into a boardroom with the CEO, COO, CIO and head of IT, and all they're saying to themselves is, 'My job is going down the tubes,'" he says. "Go into it with an open attitude and spirit of cooperation, that's how you'll want to be perceived."
DO remember that it's not only your job that could be affected by a breach.
While some security professionals may believe it's best not to bother the executive team with details of an incident, those executives can be held accountable and therefore need to know what's happening. "While customers might be becoming a little more desensitized to data breaches [because they're in the news so often,] CIOs are becoming a lot more sensitized," says Security Constructs' Bowers, who previously was senior manager of information security with US-based Wyeth Pharmaceuticals. "That's what is driving money into security: More companies are saying we need to meet these privacy regulations because they could affect our stock price . . . and bonuses."
DO be honest in communicating with the public, customers, employees and partners.
How a company alerts people to a breach is the first step in rebuilding their confidence in the organization. Without giving away too many details, offer an honest assessment of what happened. If the company has no reason to believe the stolen data has been used by the criminal, state that, too.
DON'T go public until you know what happened.
If a company has to change its story about what happened — a la TJX — their credibility is instantly eroded. "You can cause panic sometimes," says the investigation manager. "TJX released information that wasn't necessarily true [about the extent of stolen information and when it was compromised] and caused the people who were working on that case trying to identify the extent of the breach to be sidetracked trying to answer the feeding frenzy in the media," he says.
"They did exactly the wrong thing."
2008 CIO Summit
19th August, 2008 Four Seasons Hotel, Sydney Developed in partnership with CIO Magazine, IDC, INTEP and the CIO Executive Council.
The world of the CIO is extremely complex and diverse. Multiple priorities demand attention and decisions are needed instantly. Individual teams need to be driven towards common goals, and businesses strive to become more mobile, agile and responsive. For CIOs, the challenge never ends.
Every year the CIO Summit identifies what is top of mind for CIOs across Australia and New Zealand, and offers insight for CIO benchmarking and vendor strategic planning alike.
Recent IDC research shows that over 59% of CIO's believe that 'to achieve their business strategies, technology should be used more aggressively than today.'
Join us on August 19th to discover how this is possible with the latest technologies including Virtualisation, Web 2.0, IP Surveillance and Software as a Service (Saas).
Click here for more information.
Please email Denyse_Robertson@idg.com.au for further information.
- +
CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II 05 October, 2007 06:00:00
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #78: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires 28 September, 2007 17:34:25
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #77: Panasonic Speeds Up Trans-Pacific File Transfers, Part III 21 September, 2007 07:00:00
Part three in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #76: Panasonic Speeds Up Trans-Pacific File Transfers, Part II 14 September, 2007 07:00:00
Part two in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #75: Panasonic Speeds Up Trans-Pacific File Transfers, Part I 07 September, 2007 07:00:05
Part one in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
- +
How to not have your Web site hacked like Sony's 07 July, 2008 08:23:22
A SQL injection attack was used to plant malicious code on pages of two popular Sony Playstation games - SingStar Pop and God of War, reports security company Sophos. Hundreds of Web pages from other businesses have also been compromised.The US Sony Playstation Web site is the latest high-profile victim of a hacker attack on business sites that's spreading malware at breakneck pace, says a security vendor. - +
AG launches review into national e-security 07 July, 2008 11:07:49
Howard's security agenda dragged over coals.A review of Australia's top e-security projects lead by the Attorney-General's Department has been launched to scrutinise the Howard's government's $73 million E-Security National Agenda. - +
Selling zero-day exploits has a down side 07 July, 2008 10:16:36
There is an ongoing argument about the ethics of selling 0-day exploits on the open market: It helps if you don't sell exploits targeting the company you work for.Information Security can sometimes be a funny field to work in. Some days it seems as if anybody with their hands on unpublished exploit code can sell it for all they're worth, and others it seems that they are set to become the target of law enforcement and the companies the code affects. It does help if you don't work for one of the companies that is set to be affected by the exploits you are trying to sell and aren't trying to bootstrap a competing company in the process. - +
'I have a lost laptop horror story for you' 30 June, 2008 10:08:14
The devil of identity theft is in the details that follow...The devil of identity theft is in the details that follow: Russ Jones tells a tale of woe that isn't particularly dramatic -- or rare -- and yet it's exactly the kind of story that worries me enough to ignore my better judgment and buy identity-theft protection from my insurance provider. - +
SQL attacks lobs onto pro tennis site 02 July, 2008 11:52:19
Wimbledon perfect time for crook's criminal racket.Visitors to the Association of Tennis Professionals Web site have potentially been infected with spyware after apparent lax security allowed a malicious script to be injected across its pages.
Logica Launches HotScan Plus to Address Risk of Terrorist Fund Transfer 07 July, 2008 09:43:00
Rittal Launches Computer Room Air Conditioning System for Low and Medium Density Envrionments 07 July, 2008 08:50:00
Ballarat Grammar Improves Student Access to Computer Based Learning with HP ProCurve 04 July, 2008 16:49:00
Media release: 40 Per Cent of Australian Businesses Do Not Validate Their Data 04 July, 2008 10:29:00
Kaseya helps turbo charge BlueFire’s service delivery model 03 July, 2008 17:23:00
|
||
|
||
|
|
||
|
Growth Strategies in Uncertain Times: Building and Maintaining Lasting Client Relationships in Professional Services Organisations
To stand out and build your business, there are certain key attributes you must build across your firm. Learn how to grow your business and to think strategically about building and deepening core client relationships by reading on.
Subscribe to CIO
