Blogs

  • “Keeping Up with the Joneses” May Not Mean Keeping Up With Security

    by Gib Sorebo on February 3, 2014

    As a cybersecurity consultant, I’m often asked by customers how they compare with their peers in the industry. This can vary from requests for simply anecdotal comparisons of products used to a full-fledged benchmarking of their entire cybersecurity program. Either way, it’s clear that aligning practices and spending with peers is important to many, particularly among critical infrastructure…

  • Cyber Attacks, as Real as They Get

    by John Linkous on January 30, 2014

    Once again, the fundamental nature of the Internet is changing. Moving far beyond the original scope of the Internet, in the early 1990s, the World Wide Web dramatically changed its purpose. We now find ourselves on the cusp of yet another dramatic change, as the Internet of computers gives way to an Internet of things. Unfortunately, that concept also means that this relatively new phase of the…

  • What the Target Breach Teaches Us About Standards, Regulations, and Critical Infrastructure

    by Gib Sorebo on January 30, 2014

    The recently disclosed security breach of Target’s® point of sale terminals and related infrastructure is likely a lesson on the limitations of standards and regulations to adequately protect sensitive information and critical systems despite the political piling on that traditionally visits a high-profile data breach. However, absent some newly discovered evidence of incompetence, the Target…

  • Driving Towards More Effective Sharing Models

    by Kathleen Moriarty on January 29, 2014

    The ask from this blog series is for experts to engage in discussions that drive the adoption of effective operator-driven sharing models that leverage our small number of skilled threat analysts. The purpose of this line of thinking is not to drive adoption of open and international standards over US Government funded efforts, but rather to get people to think critically and push toward better…

  • Data Leakage: The Human End-Around to DLP

    by Christopher Burgess on January 28, 2014

    The old adages "still water finds its own level" and "moving water finds a path of least resistance" both have applicability when we think of data leakage and employees' engagement with data loss prevention (DLP) processes, policies, procedures, and software. With still water, data is at rest; with moving water, your data in transit. There are also two types of employees: Those who are trying to…

  • Brainstorming and Beyond: A User-Centered Design Method

    by Ben Rothke on January 26, 2014

    At first glance, brainstorming seems like ice, in that you really don’t need an instruction manual to make it. But that is clearly not the case, as Chauncey Wilson writes in Brainstorming and Beyond: A User-Centered Design Method. The book shows that brainstorming can be most successful and productive when the facilitator knows the proper techniques for getting the most out of the participant’s…

  • Continuing Your Education at RSA Conference

    by Jeanne Friedman on January 24, 2014

    Getting Credit for Sessions at RSA Conference: The following is a transcript of my podcast on CE Credits. There are numerous ways to obtain Continuing Education Credits at RSA Conference 2014. RSA Conference partners with many associations that not only provide credits but also great sessions and events. I will now detail what you need to do for (ISC)², ISACA, IAPP, GIAC, the ABA as well as how…

  • Security Awareness? "Once and Done" Does Not Teach Awareness

    by Christopher Burgess on January 23, 2014

    A new employee shows up on day one and walks through his ID card briefing, compensation and benefits brief, and security brief, meets his new team and manager, and tries to retain all the information rushing out at him via the orientation fire hose. All boxes checked, the employee is good to go, and the security team notes that 100 percent of all new employees continue to receive security…

  • Meeting Your Peers, Colleagues and Friends at RSA Conference

    by Linda Gray on January 22, 2014

    We consistently hear that one of the main reasons people attend RSA Conference is to meet people and make industry contacts. To help facilitate those interactions there are a number of special events during the Conference, and I wanted to take a minute to highlight some of them to you. Monday, February 24th: Orientation. If you’ve never been to RSA Conference before, then come along to our Orientation…

  • 5 Tips for Handling Compromised Customer Data

    by Christopher Burgess on January 21, 2014

    Rarely does a week go by when you don't hear or read of a data breach and the accompanying loss of customer data or client personal identifying information (PII). Having a data breach plan in place that provides an honest, direct, and customer-centric solution will go a long way toward retaining the customers or clients affected. Though no one ever wants these things to happen, data breaches do…

This document was retrieved from http://www.rsaconference.com/blogs on Thu, 24 Jul 2014 17:40:01 -0400.