  • RSA Conference Marks Cyber-Safety Awareness Month

    by RSAC Contributor on October 1, 2015

    Fall. Football season is in full swing. In the Northeastern United States, the leaves are changing colors. Kids are back in school. And this October, RSA Conference is taking part in Cybersecurity Awareness Month. As professionals, we talk about privacy and staying safe online every day, but the conversations tend to be in a business context. We discuss ways to make sure our systems are secure, our customer data protected, and employees safe from online adversaries and malware. We don't always get…

  • Network Attacks and Exploitation: A Framework

    by Ben Rothke on October 2, 2015

    The phrase “think like a hacker” is bandied about incessantly. Most people can’t think like a hacker any more than they could think like a podiatrist or a CPA. With that, in Network Attacks and Exploitation: A Framework (Wiley 978-1118987124), author Matthew Monte has written a great guide that, while it won’t help you think like a hacker, will provide you with the knowledge of how to…

  • Insuring Cyber the Same Way as Natural Disasters

    by Rook Security on September 30, 2015

    There is no doubt that cyberinsurance is a fast-growing product with an important role in our current landscape where security breaches are happening at a breakneck pace. And many claim the market is nowhere near fully saturated...lots of companies remain unprotected. Most every Risk Manager has a disaster plan for what we typically think of as natural disasters: hurricane, fire, even polar…

  • How Much Will That Phishing Trip Cost You?

    by Tony Bradley on September 29, 2015

    Organizations spend a significant amount of money on security tools. All of the firewalls and antimalware solutions in the world, though, offer little protection against a phishing attack that tricks an authorized user into downloading malicious software or compromising credentials. Phishing attacks are becoming more effective and more costly as time goes on. The Ponemon Institute recently…

  • You Can’t Squeeze Blood From a Turnip

    by Tony Bradley on September 23, 2015

    You’ve probably heard the phrase “You can’t squeeze blood from a turnip,” before. The point is that no amount of begging, coercing, pushing, or otherwise coaxing something can yield results if those results simply aren’t possible. Many organizations, however, hand a proverbial turnip to the CISO and expect blood in return. Executive management or the company board have expectations for the CISO. …

  • Augmented Reality Law, Privacy, and Ethics: Law, Society, and Emerging AR Technologies

    by Ben Rothke on September 19, 2015

    The legal field is always catching up to advances in technology. One of the many examples is the Digital Millennium Copyright Act (DMCA), which only went into effect in 1998, about 7 years after the creation of the World Wide Web. In Augmented Reality Law, Privacy, and Ethics: Law, Society, and Emerging AR Technologies, author and attorney Brian Wassom provides a forward-thinking approach to how…

  • Making The Case For “Small Data”

    by Chenxi Wang on September 17, 2015

    Big Data is a buzzword. Many organizations hitching themselves to the Big Data-wagon amass data quickly in search of unicorn-esque insight, but don’t put much thought into the process. To make matters worse, data, in its various contemporary forms, is readily available. The temptation is high to collect simply because you can and because it may become useful at some point. We should practice the…

  • Glass Houses are Cheaper: the Case for Transparent Pentesting

    by Wendy Nather on September 16, 2015

    When you engage an external company to do vulnerability assessments and penetration testing, you have a few options on how to scope it. Here are some of them: Win/lose engagement: either they get in, or they don't. In a previous life, I bought pizza for the consultants if they got in during the annual pentest. For four years I bought pizza, and then in the fifth year my wallet finally got a break. …

  • What Do Companies Expect From a CISO?

    by Tony Bradley on September 15, 2015

    The role of CISO is an important one. It must be. It has Chief right in the title. The question, though, is what exactly does a company expect a CISO to do? You can’t meet or manage expectations if you don’t know what they are, and there’s a good chance you won’t keep your CISO job very long if you can’t meet expectations. A CISO is responsible for securing and protecting information assets but…

  • Taking Responsibility for Information Security

    by Tony Bradley on September 9, 2015

    It’s impossible for any one person to manage every aspect of securing the network, endpoints and data of an entire organization. The top of the security chain of command in most cases is the Chief Information Security Officer, though, so ultimately that responsibility falls on the shoulders of the CISO. Security is everyone’s job. Each and every employee within a company has to have some basic…

  • InfoSec People Are Doing It For Themselves

    by RSAC Contributor on September 8, 2015

    I founded Peerlyst as a no-spin zone where the information security community can share real-world experience, coming up with solutions to common (and not-so-common) problems. To my delight, that’s exactly what’s been happening—and we announced an exciting milestone earlier this month. PeerSource Budget is a crowdsourced tool that gives InfoSec professionals powerful new capabilities for…

This document was retrieved from on Tue, 06 Oct 2015 16:15:11 -0400.
© 2015 EMC Corporation. All rights reserved.