Blogs

  • Who is Leading the Discussion on Information-Sharing and How can it be Transformed?

    by Kathleen Moriarty on February 12, 2014

    I’d like to end this series with thoughts on options for transforming information sharing to drive scalable solutions that have the potential for a broad impact using the few skilled resources that exist. In the current wave of information-sharing efforts, discussions are typically led by those with the resources to manage or participate in sharing initiatives or sponsors of those efforts. This…

  • Another (Almost) Target Lesson: Securing Control System Networks to Protect the Enterprise Side Works Too

    by Gib Sorebo on February 10, 2014

    In this column and elsewhere, we’ve seen plenty of exhortations to make sure that control system networks are sufficiently isolated from corporate networks so as to prevent infiltrations from finding their way to the more sensitive and “more important” parts of the organization. For those delivering electricity, pumping oil, or whipping up batches of hazardous chemicals, it is critical that…

  • RSA Conference 2014: Moscone North, South and West

    by Linda Gray on February 7, 2014

    You may have seen in the RSA Conference newsletter this week that this year, the Conference is taking place in all 3 Moscone Center buildings – North, South and West. For those of you who have been to the Conference before, you’ll notice some changes to where sessions, activities and events are taking place. So read on for a high-level, quick-reference guide about what’s taking place where. …

  • Customer Privacy: The Surprising Driver of Today's Massive Vendor Security Movement

    by John Linkous on February 6, 2014

    Within recent weeks, a plethora of vendors have announced massive security changes to their products and platforms. From Google's migration of all web certificates to 2048-bit encryption keys to Twitter's implementation of session-specific encryption keys via forward secrecy, vendors are rapidly implementing security controls across their infrastructure, often at substantial cost. The driver…

  • Information Sharing Post-Snowden, What Changes?

    by Kathleen Moriarty on February 5, 2014

    For this second piece in the series, I’d like to highlight the use of threat modeling to determine the best options to exchange intelligence on the wire. There is no single answer as to how we address the challenges we now face as security professionals with the stream of revelations post-Snowden. We need to determine what is the balance for protecting a nation versus the need for tighter…

  • When Security Policies Collide With Business Realities

    by Christopher Burgess on February 4, 2014

    Horror stories abound about the wayward employee who ignored the established information security policies in an effort to get the job done. The employee didn't mean to put the company at risk, but that's exactly what happened. In situations like this, the employee is likely caught in the switches between the information security policies of the company and the goals and expectations of his…

  • New California Do Not Track Legislation

    by Stephen Wu on February 3, 2014

    Under California’s Online Privacy Protection Act (OPPA) of 2003,[1] California law requires commercial websites or online services that obtain personally identifiable information about California consumers to conspicuously post their privacy policies. “Personally identifiable information” includes a first and last name, address, email address, telephone number, social security number, or any…

  • “Keeping Up with the Joneses” May Not Mean Keeping Up With Security

    by Gib Sorebo on February 3, 2014

    As a cybersecurity consultant, I’m often asked by customers how they compare with their peers in the industry. This can vary from requests for simply anecdotal comparisons of products used to a full-fledged benchmarking of their entire cybersecurity program. Either way, it’s clear that aligning practices and spending with peers is important to many, particularly among critical infrastructure…

  • The Art of the Data Center: A Look Inside the World's Most Innovative and Compelling Computing Environments

    by Ben Rothke on February 3, 2014

    At first glance, The Art of the Data Center: A Look Inside the World's Most Innovative and Compelling Computing Environments appears like a standard coffee table book with some great visuals and photos of various data centers throughout the world. Once you get a few pages into the book, you see it is indeed not a light-read coffee table book, rather an insightful book where some of the brightest…

  • What the Target Breach Teaches Us About Standards, Regulations, and Critical Infrastructure

    by Gib Sorebo on January 30, 2014

    The recently disclosed security breach of Target’s® point of sale terminals and related infrastructure is likely a lesson on the limitations of standards and regulations to adequately protect sensitive information and critical systems despite the political piling on that traditionally visits a high-profile data breach. However, absent some newly discovered evidence of incompetence, the Target…

This document was retrieved from http://www.rsaconference.com/blogs on Wed, 23 Jul 2014 03:20:49 -0400.
© 2014 EMC Corporation. All rights reserved.