Menu

Blogs

  • Treat Yourself to a SPA, Not a Pen Test

    by Rook Security on August 27, 2015

    Leading image

    A lot of companies are asked to do a pen test by their clients, because they think a pen test will let them know if their business partner’s technology is “secure” against cyber threats. The scan happens. The areas that need to be fixed are fixed. And the client feels warm and fuzzy inside. However, this feeling is misleading as the company isn't necessarily more secure— all it says is that you found some technical vulnerabilities and that you are going to fix them (or have fixed them). But it…

  • Introduction to Social Media Investigation

    by Ben Rothke on August 28, 2015

    Had you Googled social media investigation a decade ago, you would have gotten a handful of responses. Today, it has become a key part of law enforcement, family law and more. Social media played predominantly in the terrible murder last week of journalists Alison Parker and Adam Ward. Law enforcement poured over the social media profiles of the perpetrator. In Introduction to Social Media…

  • Security Metrics to Drive Change

    by Tony Bradley on August 24, 2015

    What’s the point, really? You've dedicated terabytes of storage to capture insane volumes of log data, but for what? Yes, you can distill the highlights which make you look good and drop them in your reports. Be warned that those types of vanity metrics don’t provide any real value. Use the right security metrics in the right way, and you can clearly illustrate the issues. And that's how you…

  • If You Don't Know Where You Are, How Do You Know Where You Are Going?

    by Tony Bradley on August 21, 2015

    Business intelligence and big data analytics are valuable tools for organizations. Collecting and analyzing the right metrics related to current and past performance helps businesses develop effective plans for the future. This is especially true when it comes to securing your network and protecting your data. Think of it like making a trip to the grocery store. You can just walk in and shop. You…

  • The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography

    by Ben Rothke on August 19, 2015

    It’s not clear who first uttered the quip: Of course I can keep a secret. It's the people I tell it to that can't. But what’s clear is that there are plenty of times when it’s a matter of life and death to ensure that secrets remain undisclosed. In The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography, author Simon Singh reveals the often hush-hush world of the science of…

  • What Black Hat and the NFL Have in Common: Strategy

    by Eric Cowperthwaite on August 19, 2015

    This time of year is a merging of two of my favorite things, Hacker Summer Camp aka BSidesLV, Black Hat and DefCon, and the beginning of the football season. On the surface it might not appear that these things have a lot in common. However, a bit deeper analysis tells us that the strategies employed by your security team and your favorite football team revolve around many of the same principles…

  • Change Your Gears

    by Securosis Team on August 17, 2015

    I'm a cyclist. Not necessarily a very good one, but I can hold my own in the middle of the pack. On group rides you always have the person who locks into a gear and sticks with it. Their pedaling cadence slows on hills, speeds up on inclines, and they don't really shift a lot. It isn't overly efficient, especially compared to the pro-level riders who keep a constant cadence and work the shifter…

  • A Note on #CISOProblems

    by Eric Cowperthwaite on August 11, 2015

    What is it about this time of year? In the past month or so I’ve noticed even more headlines and reports than usual about the problems plaguing today’s CSOs and CISOs. If you’ve somehow managed to dodge the onslaught of grim stats, I’ll sum it up for you: The “bad guys” are proliferating and becoming more sophisticated. Security managers are having a hard time getting enough “good guys” on their…

  • CISO Guide to Being an Effective Security Leader

    by Fahmida Y. Rashid on August 10, 2015

    With all the data breaches and security headlines of the past year, it was inevitable that the role of the CISO would become much more visible. Organizations are increasingly hiring CISOs or creating senior-level security positions, but there is still a lot of confusion about what a CISO actually does. The job description has changed from mitigating exposure and securing the perimeter, to one of…

  • A Vendor's View of the RSA Conference: U.S. vs. Asia-Pacific Japan

    by RSAC Contributor on August 7, 2015

    This post comes from Stephen Cavey, director of corporate development for Ground Labs. Ground Labs was a sponsor and exhibitor for both RSA Conference USA and RSA Conference APJ this year. Below are his thoughts on both conferences. Conferences provide the ideal venue to directly engage your clients, as well as connect with members of the same industry. And when it comes to IT security…

  • Digital Identity Management

    by Ben Rothke on August 6, 2015

    Digital identity management is a broad term; but when applied to information security, refers to identifying users with a network, application or system and controlling their access to resources within those systems and applications. An interesting point made early in Digital Identity Management (Elsevier 978-1785480041) is that French Interest users averaged 16.4 digital ID’s in 2013; which is up…

This document was retrieved from http://www.rsaconference.com/blogs on Mon, 31 Aug 2015 17:42:48 -0400.
© 2015 EMC Corporation. All rights reserved.