Risk Management / News

I am constantly astounded at the number of people who cannot answer this question or can only answer it with generalities or anecdotes. They have no or very little objective data, writes Owen McCall.

Martin Catterall returns to New Zealand after 20 years, assumes post in early 2014.

For years, CIOs raged against stealth technology that could put their company's security - and maybe their authority - at risk. Today, though, IT executives see the world differently and are quick to explain that they should be ambassadors between tech vendors and business users.

Any employee with access to sensitive data is a potential threat, whether they know it or not. Even if they don't have malicious intentions, the inherent nature of their privilege is what makes them so dangerous.

Here are five pillars to consider in rethinking your approach to data security in a cyber-environment in which both values and risks increase daily.

If your data center is reaching capacity and you're thinking about cracking open the corporate piggy bank to fund a new data center, stop right there.

The one constant about user awareness training is that the awareness part is supposed to stick with you. Learning how to spot one type of phishing email is only good for that particular email, thus the concept of awareness is learning to trust your gut when something looks suspicious.

Mashable recently published a Q&A with an anonymous drug dealer who was operating on Silk Road, the massive online drug marketplace that was shuttered after the FBI arrested its proprietor earlier this week.

The successful relationships share the same best practices while the failed arrangements are uniquely flawed. But, in fact, the most disappointing deals do share common characteristics.

NetSafe warns New Zealand businesses to take preventative measures against sophisticated phishing after the local branch of an international retailer became the target of such attacks.

This year's America's Cup will be remembered for Oracle Team USA's jaw-dropping comeback against Emirates New Zealand, but it should also be remembered for the huge role computers have come to play in the competition.

The war on information security is worsening: organisations are now defending yesterday, while their adversaries are exploiting the threats of tomorrow, according to The Global State of Information Security Survey 2014, conducted by PwC and CIO and CSO magazines.

The game has changed and IT has a pivotal role to play in enabling business transformation.

Before you can be influential you need to be seen as fundamentally competent, writes Owen McCall. You have to be strategically relevant, that is, you have to understand your business and the issues your peers are dealing with on a daily basis. You have to be influential with your peers so that when you talk knowledgeably about how IT can deliver value to the business or how IT was altering the competitive landscape, they listen.

By 2014, 80 per cent of IT security executives will be required to report risk issues to their board of directors but many presentations need improvement, according to a Gartner security analyst.

Few would deny the chief security officer role has evolved quite a bit in recent years. At many large companies, the heads of both physical and information security now report in to the same person, an enterprise CSO. The pace of change for the function is accelerating along with the ever-changing nature of threats.

It was a Sunday afternoon but Channa Jayasinha was in the Wellington City Council (WCC) complex when the earthquake struck.

After giving away the farm, some IT departments are bringing select outsourced services back in-house. Here's how they're doing it.

Data encryption could help enterprises protect their sensitive information against mass surveillance by governments, as well as guard against unauthorized access by ill-intended third parties, but the correct implementation and use of data encryption technologies is not an easy task, according to security experts.

Let's say your organization doesn't have a formal enterprise risk management program. If you're at a big company, ERM might seem daunting because of silos, inertia and so on.