Category Archives: Press Release

August 2014 Newsletter


August 11, 2014

Table of Contents:
• A CIO’s Approach to Developing a Security Framework 101
• Penetration Testing Applications
• Practical Security: Browser Security Settings
• Upcoming Events
• Achieving Comprehensive PCI DSS 3.0 Compliance
• The SG Community

Web Version: http://securusglobal.createsend1.com/t/ViewEmail/j/513E2918A2BFF01D

A CIO’s Approach to Developing a Security Framework 101

One of the biggest questions we always get asked by CIOs and other senior business management in regards to Information Security and IT Risk Management is where to begin. Do you focus on purchasing security tools first, developing policies and standards or getting an audit done and working from the results of that audit?

From our experience, while all of the above can assist in some way, developing a framework about how you will think about your security position is the number one priority before you make a major investment in tools, your staff’s time or the costs of hiring consultants. You may find that a lot of the costs you estimated originally may not be needed. Continue reading

Achieving Comprehensive PCI DSS 3.0 Compliance


August 07, 2014

It’s not news that any entity that processes, transmits or stores account data, or can impact the security of cardholder data environment, is required to be compliant to PCI DSS 3.0. However, the business benefits of the security framework — a more secure network, protection of corporate brand and reputation, reduced risk of successful data breaches and network attacks — can easily be overshadowed.

Tripwire (a long time parter of Securus) combines the power of configuration control and deep file integrity monitoring (FIM) with comprehensive log and security information event management capabilities to help deliver continuous and unmatched PCI DSS compliance. The above white paper serves as a useful guide for security personnel who want to learn how Tripwire® Enterprise, Tripwire Log Center® and Tripwire IP360™ could assist in meeting PCI DSS requirements. Qualified Security Assessors (QSAs) might find this document useful as well, as it highlights the areas of the PCI DSS requirements that can be verified and met by those solutions.

Download whitepaper here: http://www.tripwire.com/register/pci-dss-compliance-with-tripwire-solutions-a-witham-pty-ltd-whitepaper/

July 2014 Newsletter


July 09, 2014

Includes the latest from the Securus Newsroom, Partner Updates, Community Engagement, Tech Talk, Career Ops and more.

View as PDF here: https://securusglobal.createsend.com/reports/viewCampaign.aspx?d=j&c=8529664D569F40FB&ID=C09E8E4AF5539137&temp=False

You can also subscribe to our newsletter: http://www.securusglobal.com/subscribe/

 

Penetration Testing in Australia

It is always interesting to look at theoretical investment being made by companies in Australia. Based upon our experience, the assumptions made in a recent analysis by Nick Ellsmore, are in our opinion realistic. Read full article here: http://www.dellingadvisory.com/blog/2013/4/5/penetration-testing-market-analysis-where-is-all-the-revenue

Should you be using this as your guide to your own strategy in regards to penetration testing? Well that depends on your own circumstances, your risk tolerance assessed against those assets and the overall potential impact to you in case of a breach. (Related to your risk assessment and that risk tolerance level).

Taking aside the financial aspect in terms of costs of penetration testing across the board, a key factor for consideration, based on Securus Global’s own 10+ years of experience in this market, is that 95% of web applications we test for the first time have major to critical vulnerabilities in them. If even only 50% of those applications were already in production before we tested them, (with the actual figure higher), that equates to an alarming number of websites in Australia (and globally given those statistics do not differ for our international clients), being insecure and open to compromise, if they haven’t been compromised already.

It’s clear that a great deal of Australian business do not have an effective security assurance program in place. With cyber crime on the rise and media reporting of breaches increasing exponentially, it doesn’t present a confident picture of cyber security in Australia, nor globally. Continue reading

April 2014 Newsletter


April 01, 2014

We hope you enjoy reading the case studies in this months newsletter.
We’ve included a variety of articles to appeal to the range of our stakeholders, from the technically minded to the executive levels and everything in between. Eg:

* Board communications security and the move to mobile technologies
* How I got root with Sudo
* Security Pitfalls of a Shared Portal
* Tripwire – Security Configuration Management
* Securus Global – Community

Read more: http://createsend.com/t/j-F7BCBF3C4D9881A9

March 2014 Newsletter


March 05, 2014

This months edition is jam packed full of articles, including:

* Testing New Technologies – Smoke Detection, Alarms, CCTV etc.
* Cracking .NET Membership Password Hashes
* The “most asked question” – What should companies do to minimise their security risks?
* Upcoming Events – Breakfast Brief
* Mitigate DDoS Attacks with Cloud & On-Premise DDoS Protection
* 5 Critical Steps of a Complete Security Risk & Compliance Lifecycle
* What makes good application security knowledge?
* New Securus Global Social Engineering Services
* Industry Round-up
* Securus Global – Community

Read more: http://createsend.com/t/j-F0F44592233EF9CA

January 2014 Newsletter


January 28, 2014

A Happy New Year to all our clients and friends. May 2014 be a good one for you.
Welcome to our first newsletter of the year. This month, we’re covering the following:

  • The Target Breach – A case study of being compromised
  • “Dumping” Windows Credentials
  • New Social Engineering Services
  • Securus Global – Client Workshops
  • Partner Updates
  • Industry Roundup
  • Securus Global joins PS&C Group

Read full newsletter here: http://createsend.com/t/j-01AF5AAFF2E539AC

The Anatomy of a Security Breach.


January 16, 2014

Securus Global’s approach to minimising your risks…

By now, you have probably read about the Target security breach: (Nothing new… this happens all the time).
http://www.marketwatch.com/story/traffic-at-target-stores-down-after-data-breach-2013-12-22-174855718?reflink=MW_news_stmp
http://www.usatoday.com/story/money/business/2013/12/22/target-breach-suits-and-investigations/4167977/

At Securus Global, we are frequently asked by our clients how hackers compromise companies and in turn, what can be done to minimise the risk of it happening to their own organisation.

By hiring the likes of Securus Global to test your systems in testing, pre-production and/or post production, we’ll be able to highlight any potential exposures you have and issue advice on how to fix them and ways to make you more resistant to such breaches all together.

Better yet, we would rather help you be in a position that your risks are identified beforehand, or even not to be there in the first place.

This is why in early 2014, we’re offering client workshops to explain the anatomy of such attacks and how the hackers are attaining this information from your companies.

These are 1-2 hour informal sessions (no cost), where we talk about what we have seen in the last 10 years, how the attacks are planned and take place but most importantly, what you can do to minimise the chances of this happening to your company. Continue reading

December 2013 Newsletter


December 05, 2013

Our latest newsletter is now available!
http://createsend.com/t/j-D0CABFE16B8020AB

Featuring:

  • Bang for Bucks Security Investment
  • The Death of New Services and Consumer Confidence
  • Social Engineering – Should you test?
  • Framework for Security Standards
  • The “Act” of Privacy – A 10 minute guide to becoming an expert…
  • Qualys Webex Training – Vulnerability Management
  • Industry Roundup
  • Securus takes on MOvember!

June 2013 Newsletter


June 23, 2013

Check out our latest Securus newsletter to see what’s been happening in the security sphere. From mandatory disclosure of data breaches, to vulnerability management, a review of penetration testing to changes in the PCI standards, in this issue, there is something of interest for everyone!

http://createsend.com/t/j-A842B2EA4BEC2ADB