Blogs

Showing Blog Posts: 1–10 of 14 by Fahmida Y. Rashid

  • Around the Web: Backoff, Online Payments, Security

    by Fahmida Y. Rashid on October 24, 2014

    Data breaches, point-of-sale malware, and payment card security were among the hottest topics this week. Information security professionals have to sift through and absorb a lot of information throughout the week, including news reports, survey results, threat advisories, and security warnings. That's just the beginning. Don't forget breaking research, insightful blog posts from other security…

  • Risk Assessments Critical for Budget Planning

    by Fahmida Y. Rashid on October 22, 2014

    Planning for next year's budget is stressful for everyone involved, but information security professionals have the added challenge of translating their requests into business risks to get senior management buy-in. Understanding how the threats and gaps in protection map to business risks will help streamline the first round of budget planning. It is critical that you perform a full risk…

  • Cyber Security Awareness Month: Engage Your Users

    by Fahmida Y. Rashid on October 21, 2014

    Security professionals should take advantage of Cyber Security Awareness Month to spotlight security initiatives within their organization. Use this month to get the board and C-suite to think about security. This is also a good time to demystify security for your end users. The Department of Homeland Security has conducted a series of events every year in October since 2004 to improve security…

  • Making Room for Security Training in Your Budget

    by Fahmida Y. Rashid on October 13, 2014

    When there are so many security threats demanding our attention and initiatives needing funding, it can be difficult to decide how to allocate the security budget. Security awareness training goes beyond preventing some attacks to improving an organization's overall security posture. Over the past few months, we've seen attackers increasingly relying on phishing and other social engineering…

  • News Pick: TUAW Explains Apple Pay

    by Fahmida Y. Rashid on October 8, 2014

    If you are at all interested in Apple Pay and how it works, make sure to check out the thorough writeup examining the security behind the technology by Yoni Heisler over at The Unofficial Apple Weblog. Heisler spoke with a few individuals involved with the development of Apple Pay to understand how the mobile payment technology works and to determine whether it's secure. One takeaway from the…

  • Getting the InfoSec Budget You Need

    by Fahmida Y. Rashid on October 1, 2014

    There is a tongue-in-cheek saying that goes something like this: How do security professionals get the security budget they want? Wait for a data breach. It's a sad state of affairs that there is a grain of truth to this poor joke. This month, we explore how security professionals can tackle budget planning for next year. Security spending as a percentage of the overall IT budget has remained…

  • Take Steps to Deal With Bash Bug "Shell Shock" Now

    by Fahmida Y. Rashid on September 25, 2014

    It’s bad enough that many IT security teams are still dealing with the effects of the Heartbleed vulnerability in OpenSSL, but now they also have to handle Shell Shock, a vulnerability in the widely used command interpreter Bash. The flaw is present in how Bash sets environment variables and allows attackers to launch remote code injection attacks to hijack the vulnerable machine. Threatpost does a…

  • Does Size Matter in a Data Breach?

    by Fahmida Y. Rashid on September 22, 2014

    Cyber-criminals stole approximately 56 million cards in a five-month attack against Home Depot's point-of-sale systems, the home improvement giant said last Friday. Many media reports homed in on the fact that the breach was larger than the attack that hit Target last year, where 40 million credit and debit cards were stolen. "56 million cards may not be as big as the huge Heartland Payment…

  • Compliance is Not Supposed to be Security

    by Fahmida Y. Rashid on September 17, 2014

    With all the high-profile data breaches at major retailers over the past few months, it’s really tempting to write off PCI DSS as being ineffective. It’s clearly not working, since the security standard clearly didn’t protect these companies from attack. Then again, perhaps we are looking at the standard all wrong. Businesses—and often auditors—measure their security effectiveness against PCI DSS…

  • Thinking About Compliance in September

    by Fahmida Y. Rashid on September 5, 2014

    Compliance is one of those never-ending things. If the organization is not in the middle of an audit, then it is either reviewing its results or preparing for an upcoming one. That isn’t a bad thing, since the point is to be always compliant, not just sometimes. Unfortunately, compliance has a bad reputation because those regulatory activities can be so time-consuming. It may be frustrating to…

This document was retrieved from http://www.rsaconference.com/blogs/by/145/rashid on Fri, 31 Oct 2014 13:44:47 -0400.