Blogs

Showing Blog Posts: 1–10 of 15 by John Linkous

  • Supply Chain Security: What It Means on a Global Level

    by John Linkous on July 18, 2014

    Take a good, long look at your smartphone. While there is a big vendor name on the outside, if you were to open up its case, you would find several other vendor labels on various components: capacitive touchscreens; video and audio ASICs; Bluetooth and WiFi hardware; and individual capacitors, resistors, and other electronics gear building blocks, to name just a few, all of which are manufactured…

  • The Challenge of Mobile Forensics

    by John Linkous on July 14, 2014

    At RSA Conference 2014 in San Francisco, Andrew Hoog and the viaForensics, Inc., team presented "Mobile Analysis Kung Fu, Santoku Style." In a highly informative presentation, Andrew and a viaForensics engineer, Sebastian Selma, gave a thorough overview of the mobile device security black art of forensics. While the practice of data forensics is difficult enough on a desktop or laptop computer, …

  • Risky Business: Changing Models for Information Risk Management

    by John Linkous on July 10, 2014

    For many years, information risk management (IRM) has been an evolving discipline. Never having been quite as advanced as financial or operational risk-modeling capabilities within the enterprise, IRM has often been relegated to a more esoteric, simplistic role in organizations. At this year's RSA Conference 2014 in San Francisco, however, the evolving—and improving—maturity of IRM in the…

  • When Apps Attack! What Is – and Isn't – Application Security

    by John Linkous on July 2, 2014

    One of the most interesting subjects at RSA Conference 2014 was the defense of software code, in all its many forms. While many of the developer-centric tracks and sessions were heavily focused on eliminating flaws within code, one of the key messages that crossed the boundary of speaking events is the idea of what is—and is not—application security. Black-box testing of apps is a fascinating…

  • Blurring the Lines: How CISOs Become True Business Leaders

    by John Linkous on June 25, 2014

    It was interesting to note that this year's RSA Conference 2014 focused on the CISO leader, and how CISOs and other security professionals can expand their roles throughout the organization. The first full day of the conference included a half-day session discussing the many aspects of business that affect CISOs, from audits to understanding employee behavior and dealing with Boards of Directors. …

  • Security Decisions: Changing the Way We Buy Security in the Enterprise

    by John Linkous on June 20, 2014

    When you hear the words "security product procurement," what's the first thing that pops into your head? Many enterprise customers who make security decisions for evaluating and purchasing technology often first think of the competitive landscape: How does one vendor's product compare to another? While this approach has been used since the dawn of commercial security products, there's a better…

  • Tough Times for Security on the Internet of Things

    by John Linkous on June 16, 2014

    You've just returned home from a two-week Caribbean vacation. You're tanned, well-rested, and happy. You even got the bump to first class on your flight back home. Everything is great. As the plane lands and you turn on your smartphone, you connect to the "Internet of Things" via your home appliance app, to set the correct temperature in the house and turn on the outside lights. The funny thing…

  • Choose, but Choose Wisely: What Skills Does a CISO Really Need?

    by John Linkous on June 9, 2014

    The role of the CISO has shifted dramatically in the past ten years. Almost 20 years ago, in the early years of the information security officer role, the person who filled that position was focused on the very basics of security: antivirus, firewalls, and file system access control. At the time, there were no data security laws like HIPAA, no industry standards such as PCI or NERC, and no best…

  • Right-Sizing Information Risk for the Global Enterprise

    by John Linkous on June 4, 2014

    For many years, the most commonly accepted standard model of risk has been the verbatim formula (or a close variation of it):

    risk = [likelihood of threat] * [consequence of threat] * [asset value]

    This model is the foundation of most risk management activities; it was a topic in several RSA Conference 2014 sessions, including Malcolm Harkins' "Business Control and Velocity: Balance Security, …

  • Mobile Devices, Cyber Attacks, and the New Frontier

    by John Linkous on May 26, 2014

    As the unrelenting game of attackers versus defenders continues in the world of information security, mobile cyber attacks are becoming a more desirable attack vector for hackers, criminal organizations, and nation-states to gain access to data. The past few years have started to see long-term, concerted campaigns targeting mobile devices, most notably the Red October malware that targeted…

This document was retrieved from http://www.rsaconference.com/blogs/by/102/linkous on Tue, 22 Jul 2014 10:55:28 -0400.
© 2014 EMC Corporation. All rights reserved.