Risk Management Features

The fourth annual Gartner IT Security Summit kicks off this month and SC met with Andrew Walls, Gartner's local security analyst, for a sneak peak at the event's hot topics. At the rate data breaches occur, it might be easier for everyone to just post their private information straight to the web. SC caught up with Harry Archer, principal security consultant and head of security practice at BT Australia recently to discuss the current state of security in Australia, or it seemed, the lack of it.

Martin Atherton explains why a mismatch between information management capabilities and needs offers a golden opportunity. A recessionary funk is in the air, and if experience is any guide, IT, and consequently IT security, will be one of the first places CFOs and CEOs will look to slash budgets.
When we think about IT saboteurs, most of us picture a professional cyber-criminal or hacker bent on stealing confidential information or wreaking havoc. In both cases, the perpetrator is an outside party who breaches the data network of a company, institution, or government entity with malicious intent. A new Hall of Fame, more than 300 vendors and expert advice on the burning issues of the day are certain to attract more visitors than ever. The RSA Conference continues to strengthen its hold as the industry's most important gathering for IT security pros. As big business finally gets a hold on security, SMEs relying on off-the-shelf e-commerce tools are easy prey. There are plenty of tools around to make infosec professionals' life easier. But how do you find the right ones? Barry Mansfield reports. Does anyone today really believe that they can keep their personal information entirely confidential? While some people have personal preferences about how much personal information they are forced to reveal, to function within society requires some exposure of such information. All the technology in the world won't help if your employees don't follow security policies, so how can you win them over? Almost every day there is news of a company's security breach and, increasingly, many of these incidents are originating from an employee or other internal source. Web 2.0 is cool, it may even be useful, but it is also causing a headache for those paid to worry about IT security Our instinct is to fix bugs when we come across them, but sometimes that can cause more harm than good. Millions of applications are installed on company networks each day without the permission of the IT department. These pieces of software are known as ‘Greynets’. They are multiplying constantly and, with many remaining unknown to the IT team and others difficult to locate, are damaging network performance, distracting staff, and creating a hole in network defences. Does IT security risk management need actuarial analysts? Should the IT department define and control risk? Four of Australia’s leading IT security professionals sat down and discussed these burning issues. Don't take log files as absolute truth. They're only as reliable as the systems that generated them. A benchmark that provides a checklist to tell you if your security meets requirements is just what we need. Historically, IT security has been a business cost centre.