Blogs

Showing Blog Posts: 1–10 of 17 by John Linkous

  • The Future Is Now: Threats That Were Never Supposed to Happen Are Here

    by John Linkous on July 29, 2014

    Recently, I took the opportunity to install the latest version of Pwnie Express's Pwn Pad 2014ce on my Google Nexus 7 tablet. For those who aren't familiar with the Pwn Pad, it's a modified version of the Kali Linux distribution that provides a complete, walking environment for detecting and—as a white-hat only, of course—testing information security threats. While the Pwn Pad is a great mobile…

  • Upping the Ante: Security in Mobile Health Care Devices

    by John Linkous on July 24, 2014

    You might wonder what mobile healthcare has to do with Stuxnet. A few years ago when the Stuxnet malware first hit, a client asked me to provide an overview of why it was different than the other malware that came before it. At the time, my first inclination was to do exactly that: write up a nice, brief assessment of how Stuxnet was the first tangible evidence of malware affecting "real world"…

  • Supply Chain Security: What It Means on a Global Level

    by John Linkous on July 18, 2014

    Take a good, long look at your smartphone. While there is a big vendor name on the outside, if you were to open up its case, you would find several other vendor labels on various components: capacitive touchscreens; video and audio ASICs; Bluetooth and WiFi hardware; and individual capacitors, resistors, and other electronics gear building blocks, to name just a few, all of which are manufactured…

  • The Challenge of Mobile Forensics

    by John Linkous on July 14, 2014

    At RSA Conference 2014 in San Francisco, Andrew Hoog and the viaForensics, Inc., team presented "Mobile Analysis Kung Fu, Santoku Style." In a highly informative presentation, Andrew and a viaForensics engineer, Sebastian Selma, gave a thorough overview of the mobile device security black art of forensics. While the practice of data forensics is difficult enough on a desktop or laptop computer, …

  • Risky Business: Changing Models for Information Risk Management

    by John Linkous on July 10, 2014

    For many years, information risk management (IRM) has been an evolving discipline. Never having been quite as advanced as financial or operational risk-modeling capabilities within the enterprise, IRM has often been relegated to a more esoteric, simplistic role in organizations. At this year's RSA Conference 2014 in San Francisco, however, the evolving—and improving—maturity of IRM in the…

  • When Apps Attack! What Is – and Isn't – Application Security

    by John Linkous on July 2, 2014

    One of the most interesting subjects at RSA Conference 2014 was the defense of software code, in all its many forms. While many of the developer-centric tracks and sessions were heavily focused on eliminating flaws within code, one of the key messages that crossed the boundary of speaking events is the idea of what is—and is not—application security. Black-box testing of apps is a fascinating…

  • Blurring the Lines: How CISOs Become True Business Leaders

    by John Linkous on June 25, 2014

    It was interesting to note that this year's RSA Conference 2014 focused on the CISO leader, and how CISOs and other security professionals can expand their roles throughout the organization. The first full day of the conference included a half-day session discussing the many aspects of business that affect CISOs, from audits to understanding employee behavior and dealing with Boards of Directors. …

  • Security Decisions: Changing the Way We Buy Security in the Enterprise

    by John Linkous on June 20, 2014

    When you hear the words "security product procurement," what's the first thing that pops into your head? Many enterprise customers who make security decisions for evaluating and purchasing technology often first think of the competitive landscape: How does one vendor's product compare to another? While this approach has been used since the dawn of commercial security products, there's a better…

  • Tough Times for Security on the Internet of Things

    by John Linkous on June 16, 2014

    You've just returned home from a two-week Caribbean vacation. You're tanned, well-rested, and happy. You even got the bump to first class on your flight back home. Everything is great. As the plane lands and you turn on your smartphone, you connect to the "Internet of Things" via your home appliance app, to set the correct temperature in the house and turn on the outside lights. The funny thing…

  • Choose, but Choose Wisely: What Skills Does a CISO Really Need?

    by John Linkous on June 9, 2014

    The role of the CISO has shifted dramatically in the past ten years. Almost 20 years ago, in the early years of the information security officer role, the person who filled that position was focused on the very basics of security: antivirus, firewalls, and file system access control. At the time, there were no data security laws like HIPAA, no industry standards such as PCI or NERC, and no best…

This document was retrieved from http://www.rsaconference.com/blogs/by/102/linkous on Tue, 29 Jul 2014 20:55:56 -0400.