Blogs

  • Cybercrime: The Computer Hacking Persona Debunked

    by Robert Moskowitz on December 29, 2014

    Popular media is filled with stories of computer hackers—young, male, nerdy college dropouts who are not very social—and their hacking activities. However, reports show that hackers are actually a wild and crazy bunch and far more diverse than most people suspect. They are quite social in certain settings. What's more, within these social circles, advanced knowledge of computers and software technology is highly prized, much admired, and the key to popularity and friendship. The power of these…

  • The best information security book of 2014 and some other excellent ones

    by Ben Rothke on December 29, 2014

    There were a lot of good information security books that came out in 2014, and many that were not worth reading. The following books stand out as the best, followed by a number of other superb titles, listed in no particular order: Measuring and Managing Information Risk: A FAIR Approach - Authors Dr. Jack Freund and Jack Jones have written a magnificent book that will change the way (for the…

  • Lockdown: Information Security Threats on the Edge of 2015

    by John Linkous on December 26, 2014

    As we look forward to 2015, this is a good time to take stock of how the information security threats and attack landscape have been changing. Let’s see: major data breaches at global, brand-name organizations, state-sponsored hacking activity, revelations of our own government's attempts to access personal data. It would be easy to proclaim 2014 as the "Year of the Security Threat," but that's…

  • Network Intrusion: Methods of Attack

    by Robert Moskowitz on December 25, 2014

    A network intrusion is any unauthorized activity on a computer network. Detecting an intrusion depends on the defenders having a clear understanding of how attacks work. In most cases, such unwanted activity absorbs network resources intended for other uses, and nearly always threatens the security of the network and/or its data. Properly designing and deploying a network intrusion detection…

  • The Muddled State of Security Standards

    by John Linkous on December 22, 2014

    One of my favorite quotes—attributed to either Admiral Grace Hopper or computer science professor Andy Tanenbaum—goes something like this: "The nice thing about standards is that there are so many to choose from." It’s true in the information security world, too. Standards, Standards Everywhere! Let’s first settle what we mean by security standards. There's no shortage of recommendations on how to…

  • Today's Challenge: Database Security in the Cloud

    by Christopher Burgess on December 19, 2014

    There is more to cloud data security than just data security in the cloud. The core product offerings for cloud data storage services (or Cloud Sync and Share as they may be called) include storage, sync, share, view, collaborate, Web and mobile support, and APIs, said Rich Mogull of Securosis. "Without a solid security baseline it really doesn't matter what else the service offers," Mogull wrote. …

  • Fire in the Valley: The Birth and Death of the Personal Computer

    by Ben Rothke on December 18, 2014

    In Fire in the Valley: The Birth and Death of the Personal Computer, authors Michael Swaine and Paul Freiberger provide a thoroughly enjoyable read of the history and development of the PC. As timing would have it, Michael Swaine was editor of Dr. Dobb's Journal, which this week announced it would be ceasing publication in 2015 after nearly 40 years in print. The valley in the title is Silicon…

  • Shopping at Breached Retailers This Holiday Season

    by Fahmida Y. Rashid on December 17, 2014

    We are about halfway into the holiday shopping season, and it’s not clear if the retail breaches have affected how consumers are shopping this year. Overall shopper traffic over the Thanksgiving holiday—Thursday to Sunday—dropped 5.2 percent compared to 2013, according to early numbers from the National Retail Federation released earlier this month. There were also a lot of provocative numbers…

  • The Future of Electronic Attacks, and the End of the Network Perimeter

    by John Linkous on December 16, 2014

    JPMorgan Chase was one of the latest Fortune 500 companies to fall victim to an electronic attack in 2014. On Aug. 28, the company said it was the target of a broad-scale attack which, based on its alleged complexity and breadth, may well have been state-sponsored. Bank records were altered and deleted, potentially impacting thousands of bank customers. It also appears that up to seven different…

  • Guidelines for Mobile Computing Security

    by Robert Moskowitz on December 15, 2014

    Mobility is clearly the future of computing. Smartphones and tablets are more powerful and bring-your-own-device is an accepted reality. This raises major security issues, as mobile computing can be readily compromised at the device, network and wireless connectivity levels. The mobile device itself—whether a portable computer, personal digital assistant, laptop, smartphone, tablet computer, or…

  • Three Reasons Why Employees Chafe at Security Policies

    by Christopher Burgess on December 12, 2014

    How often have you heard someone say, "We can't do it that way, because our security policies prohibit . . . " Perhaps they were discussing customer data security and the means to achieve frictionless engagement. Variants of this conversation occur every day, and if you are the chief information security officer (CISO), you need to maintain these policies. Here are three reasons why employees…

This document was retrieved from http://www.rsaconference.com/blogs on Mon, 29 Dec 2014 11:38:33 -0500.
© 2014 EMC Corporation. All rights reserved.