Security » Features »

Analysis: Massive layoffs at HP make for IT outsourcing identity crisis

It's been more than three years since HP acquired IT services provider EDS, and the long-term direction of its bigger - if not better - outsourcing business is no more clear than it was on the day the deal closed.

Mobile malware: Beware drive-by downloads on your smartphone

While Jeff Schmidt, the CEO of JAS Global Advisors, was surfing the Web on his new Android smartphone (his first Android phone) earlier this year, what appeared to be an ad popped up on his screen. The "ad" looked like the prompt that appears when his phone rings. He clicked the button on the ad to pick up the putative call, and the ad began downloading a binary file - malware - onto his Android phone. Schmidt had been hit by a drive-by download, a program that automatically installs malicious software on end-users' computers--and increasingly, smartphones--without them knowing.

Guide: How to be ready for Big Data

Big Data is all the rage these days, and more than a few organizations are at least wondering what sort of business intelligence they could derive from all the information at their disposal.

13 security myths you'll hear - but should you believe?

They're "security myths", oft-repeated and generally accepted notions about IT security that arguably are simply not true - in order words, it's just a myth. We asked security experts, consultants, vendors and enterprise security managers to share their favorite "security myths" with us. Here are 13 of them.

Resources CIOs in Australia

In a fast growing sector, the bottom line is everything

2011's biggest security snafus

Perhaps it was an omen of what was to come when the city of San Francisco on New Year's Eve 2010 couldn't get a backup system running in its Emergency Operations Center because no one knew the password.

Hackers target IPv6

If your IPv6 strategy is to delay implementation as long as you can, you still must address IPv6 security concerns right now.

Bad new world - Cyber risk and the future of the US

In September 2007, in a remote laboratory in Idaho, researchers began to show that that picture had begun to change, dramatically and irreversibly. Dubbed "Aurora," the researchers' project demonstrated the ability of a cyber hacker to destroy physical equipment--in this case a generator used to create electricity for the power grid.

Security breach

No company wants to be associated with a data breach, but if your systems are compromised the fallout can sometimes be more damaging than the act itself.

Cloud security: how to protect your data

To use Cloud computing securely requires companies to know where their data is stored and who has access to it. Ironically, the reason Cloud is so popular is because organisations don't want to worry about these details.

So can the issue be solved by adhering to standards? Increasing legislation? Maybe we need a global technical disaster to ‘sober up’ an industry drunk on the power of Moore's Law.

Top 10 hacking movies

2011 so far has been filled with news of high-profile hacking - the Epsilon data breach, Microsoft and the various attempts of the nefarious Anonymous. Even the Australian Government copped a little unwanted interest. With this in mind, we thought it was time to track down the top ten Hollywood movies about hacking.

Apple iOS: Why it's the most secure OS, period

In June 2007, Apple released the iPhone, and the device quickly took off to become a major brand in the smartphone market. Yet when the iPhone shipped, security on the mobile operating system was nearly nonexistent. Missing from the initial iOS (then called iPhone OS) were many of the security features that modern-day desktop software has as a matter of course, such as data-execution protection (DEP) and address-space layout randomization (ASLR). Apple's cachet lured security researchers to test the platform, and in less than a month, a trio had released details on the first vulnerability: an exploitable flaw in the mobile Safari browser.

Smart grids set to revolutionise energy companies - Part 3

Adding new layers for both improved communications and business-focused data analysis may add pressure to already pressured CIOs, but information executives aren’t the only ones staring down organisational change as a result of the industry’s new information-driven dynamics.

Smart grids set to revolutionise energy companies - Part 2

Smart meters have a way to go. The recent 2010 Australian Smart Grid Study, a survey of 13 Australian utilities by sector consultancy Logica, showed an average self-reported maturity rating of just 2.14 on a scale of 1 to 5, and communications networks to support them rated 2.80.

Smart grids set to revolutionise energy companies - Part 1

Like any entrepreneur, Andrew Dyer is excited about the possibilities for his clean-energy venture, BrightSource Energy. The company, of which he is a director, is this year partnering with energy giant Chevron to cover 1000 acres of the US desert with 4000 mirrors that reflect sunlight onto three boilers mounted atop each of three 100 metre towers.

Internal security top of mind for AusCERT

When a delegate list includes people from the US Naval Criminal Investigation Service (NCIS), AusCERT 2011 organisers know all too well that their security may be tested.

Legal issues in the Cloud - Part 4

One of the remaining key issues Cloud users need to consider relates to the notion of being locked-in to certain applications or systems — and if a user wants to transfer data or applications from the Cloud, whether the data is portable between service providers. In these circumstances, a user will need to consider its requirements to access data some years into the future for a plethora of regulatory reasons.

Legal issues in the Cloud - Part 3

Proper due diligence focuses on identifying the players in the Cloud relationship. That is, who is actually involved in providing the services and are they the same entity (or entities) that are processing or storing data? In the case of aggregators, for example, a Cloud user could be dealing with a single entity which itself is provided services by various third parties.

Legal issues in the Cloud - Part 2

Unlike a fixed server in your office or at a data centre in Australia, data in the Cloud can potentially be located anywhere in the world — even in multiple data centres in multiple copies worldwide. A Cloud service provider may not even know where the data resides at any one time. The Cloud may not be tied to any particular location but this is clearly not the case with the laws of each country. Any ‘global’ technology solution will be impacted by the laws of a large number of nation states. As a result, sending and processing data around the globe could, in the process, fail to comply with data protection and privacy laws in various countries.

Legal issues in the Cloud - Part 1

The Cloud can be cheaper, more flexible, easier to manage and efficient. But users and providers of Cloud services have to weigh these advantages against the risks or perceived risks — such as regulatory compliance, security, performance, availability of service, and liabilities and remedies under the governing contracts.