isGRCAdvisor
Australian Information Security, Governance, Risk and Compliance
Wednesday, May 15, 2013
Thursday, March 14, 2013
IS A Drop Bear Award 2012
The first post for 2013 starts off with some reflection on the previous year. This was triggered by the task of updating the list of Australian/New Zealand Security Incidents for this site. Post and update to follow.
IS A Drop Bear Award for 2012 goes to Australia Post
This was exceptional work: a great lesson in how not to handle this type of good-willed notification.
"The first time they said 'oh, our customers are not as smart as you so they will never find this glitch'"
Read about the fun
Australia Post 'ignores' online service security flaw
A SECURITY flaw on Australia Post's website is putting customers' privacy at risk, with the company allegedly believing people were not smart enough to find the glitch.
October 02, 2012. By Claire Connelly, News Limited Network
From <http://www.heraldsun.com.au/technology/australia-post-ignores-online-service-security-flaw/story-fn7celvh-1226486564175>
About IS A Drop Bear
Stands for - Information Security Australia Drop Bear Award
We were searching (over late-night drinks) for some sort of name that we could award to the finest example of stupidity involved in Australian security incidents. Drop Bear and Drongo were leading the pack as titles but were abandoned when two new backpackers came into the bar.
In post-production I'm giving Drop Bear the nod. Though Drongo (slow-witted person) could fit most of the people/companies involved, the thought is that the drop bear has more of the characteristics we are after.
A drop bear (or dropbear) is an Australian marsupial. Drop bears are commonly said to be unusually large, vicious, carnivorous koalas that inhabit treetops and attack their prey by dropping onto their heads from above. They are an example of local lore intended to frighten and confuse outsiders and amuse locals.
It is often suggested that having forks in the hair or Vegemite or toothpaste spread behind the ears will deter the creatures.
Essentially they are lazy killers, lying/sleeping in wait for a victim to stumble their way, then unexpectedly falling from on high and ripping your bloody arms off. Intelligent Australians know all about these magnificent creatures; it is the uninformed who get killed. Mostly backpackers.
Thursday, January 03, 2013
Quoting Christmas...
More quotes added to the Security Quotes page.
I really like this one:
Those of us in security are very much like heart doctors — cardiologists. Our patients know that lack of exercise, too much dietary fat, and smoking are all bad for them. But they will continue to smoke, and eat fried foods, and practice being couch potatoes until they have their infarction. Then they want a magic pill to make them better all at once, without the effort. And by the way, they claim loudly that their condition really isn’t their fault — it was genetics, or the tobacco companies, or McDonalds that was to blame. And they blame us for not taking better care of them. Does this sound familiar?
- Unknown
More links early next week.
Wednesday, December 26, 2012
The 5 Ps of Online Shopping Risk Management
Great little article, short and to the point; nice concept, the 5 Ps.
http://www.business2community.com/finance/the-5-ps-of-online-shopping-risk-management-0358444
APRA releases draft guide on managing data risk
Being on holidays I've only had a very cursory look at the guide, but on first view I'll be giving it a full read. It has a good introduction to what data and data security are, and I saw several paragraphs that will be good to use (fully referenced, of course) in some of my work.
"The Australian Prudential Regulation Authority (APRA) has today released for consultation a draft prudential practice guide on managing data risk for all APRA-regulated institutions.
The draft Prudential Practice Guide 235 Managing Data Risk (PPG 235) sets out what APRA regards as sound practice in managing the main risks associated with data, which is a key asset for all APRA-regulated institutions. The use of data and its application, retention, storage and security have become highly important with increasing automation and the criticality of data to decision-making."
http://www.apra.gov.au/CrossIndustry/Consultations/Pages/December-2012-Consultation-PPG-235-Managing-Data-Risk.aspx
Monday, December 17, 2012
IS Quotes and Aust Incidents Pages Updated
Well, I'm trying not to get too carried away with formatting and the like (can't help it, I like pretty things). I've updated and cleaned two more pages:
- Security Quotes - Sometimes wisdom can be funny or offensive (maybe "to the point" is a better way to describe this, but cutting, blunt comments are needed at times when confronted with stupidity and ignorance). The quotes I'm after are along this line.
- Australian Security Incidents - This is my main focus at present and will be updated the most frequently. It seems to be an ongoing battle to raise awareness among technical staff, business and executives that bad things happen more frequently if you don't pay attention to information security. Incidents in an Australian context seem to carry more weight in the discussions.
Labels: Australian Incidents, Quotes
Friday, December 14, 2012
Unofficially Information Security
Just starting up with the aim of getting the content fixed in place for the new year.
The main purpose is to store and share some of the information that I use on a daily basis in my Security and Governance business.
The content will not be technical Security but higher level, risk management, policy, standards, privacy and the likes.
The information and sources will be focused on Australian Information Security Practitioners. (New Zealand? considering it)
You are more than welcome to contribute, all contributions will be acknowledged and linked if requested.
Have a safe holiday.
Steve...K.