Ian's blog
DSD Releases 2012 Information Security Manual
The DSD has released the 2012 update to the Information Security Manual.
The document has now been broken up into multiple volumes and includes a much more friendly and useful exec summary document, and a much cleaner layout for the principles and control documents. For non-techos the exec summary document provides a good grounding in the issues and Australian conditions. Well worth a read if you are attempting to "sell" information security to government or related agencies.
The Friday Rant #1 - "But we're not making it any worse than it already is..."
I'm sorry folks, I know security can sometimes be a hard sell and can be seen as an expense and task that has little value to the business, that's all part of the job, but it's Friday and I have to have a little rant.
Information Security Management Systems (ISMS)
I often get asked "What is an ISMS and why would we need one?". For anyone in the security industry this will be a recurring theme and often a major source of frustration as we continually seem to be justifying the cost, the need for or even the existence of a security program. To get around some of these issues I have found that publishing the information below as a training or awareness tool has reduced (never eliminated) the need to spend so much time justifying the existence and reasons for the expenditure on security when faced with a compliance requirement.
Phishing Attacks
(or "Help! Someone just asked for my password (and I might have given it to them)!!!")
What is phishing?
‘Phishing’ (as in "fishing" for information) refers to emails that trick people into giving out their personal and banking information; they can also be sent by SMS. These messages seem to come from legitimate businesses, normally banks or other financial institutions or telecommunications providers. The scammers are generally trying to get information like your bank account numbers, passwords and credit card numbers, which they will then use to steal your money or access your computer accounts.