Blogs

  • Digital Forensics for Handheld Devices

    by Ben Rothke on September 24, 2012

    Today’s handheld device is the mainframe of years past. An iPhone 5 with 64 GB of storage and the Apple A6 system-on-a-chip processor has more raw computing power entire data centers had some years ago. With billions of handheld devices in use worldwide, it is imperative that digital forensics investigators and others know how to ensure that the information contained in them, can be legally…

  • Preview - Everyday Cryptography: Fundamental Principles and Applications

    by Ben Rothke on September 19, 2012

    For those studying for the CISSP exam, the (ISC) ² Common Body of Knowledge (CBK) domain that is most intimidating to many people is definitely cryptography. With that, Everyday Cryptography: Fundamental Principles and Applications is a reference that can minimize feat of cryptography. The book assumes that the reader has no prior knowledge of cryptography and requires almost no prior knowledge of…

  • CISSP for Dummies

    by Ben Rothke on September 14, 2012

    The CISSP is the most popular and arguably most valuable information security certification. While SANS GIAC certifications are technically more intensive, the CISSP is the 900-pound gorilla of information security certifications. For those looking for a CISSP review guide, CISSP for Dummies, despite its title, is a worthwhile reference. The book provides a thorough overview of the (ISC) ² Common…

  • New Amendments to the Vermont Breach Notification Law

    by Stephen Wu on September 10, 2012

    Vermont recently amended its security breach notification law with a number of changes. Included in the amendment are changes to the definition of "security breach," guidance on determining whether a breach has occurred, a 45-day deadline for notification, and a requirement of notifying the attorney general of a breach. The legislation, H.254, became Act 109 following the governor's signature. For…

  • Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems

    by Ben Rothke on September 4, 2012

    The Stuxnet computer worm of mid-2010 was a huge wake-up call for the energy industry. It also catapulted SCADA from an obscure term to the forefront of industrial security. But nearly two years later, it is unclear if the energy sector is adequately prepared for sophisticated information security threats. For those looking to get a handle on how to effectively secure critical infrastructure…

  • Is Application Whitelisting the Answer for a More Secure Critical Infrastructure?

    by Gib Sorebo on September 4, 2012

    For the last couple years, as anti-virus has continued to fail us with a detection rate often in the single digits, many have suggested that a better approach would be to not focus on the bad but on the good. The objective would be to identify what normal is and alert on everything that is not normal. While that is still a tall task, it is often an easier one than to identify every possible piece…

  • Preview - Digital Forensics for Handheld Devices

    by Ben Rothke on August 30, 2012

    Today’s handheld device is the mainframe of years past. The raw computing power and stored memory found in a BlackBerry, iPhone, digital camera or GPS dwarfs that of computers from years ago. With billions of such devices in use, it is imperative systems administrator, forensics investigators and others know how to ensure that the information contained in them, can be legally preserved if needed. …

  • Preview - The Computer Incident Response Planning Handbook: Executable Plans for Protecting Information at Risk

    by Ben Rothke on August 27, 2012

    Computer security incidents are not a matter of if; rather when. The function of having an incident response (IR) plan is to provide guidance to staff, both technical staff and management, on how to quickly and effectively recovery from the information security incidents. An IR plan is also needed to ensure staff responds in a systematic manner to incidents, rather than everyone doing things in an…

  • Illustrated Guide to Home Forensic Science Experiments: All Lab, No Lecture

    by Ben Rothke on August 22, 2012

    While the Illustrated Guide to Home Forensic Science Experiments: All Lab, No Lecture is not a pure play information security book, it’s likely that anyone interested in information security will find this a fascinating read. The book is written for anyone, from responsible teenagers to adults who want to learn about forensic science by doing real, hands-on laboratory work. While the tools for…

  • Smart Cars and eDiscovery

    by Stephen Wu on August 16, 2012

    I heard an interesting radio show on NPR the other day. Auto manufacturers are rolling out the next generation of cars that try to implement the lessons the phone manufacturers learned from Apple, Google, and others. Let's put screens on cars, and give them apps, they say. Let's do for the car what iOS and Android did for phones and tablets. Cars dashboards should have apps, just like any other…

This document was retrieved from http://www.rsaconference.com/blogs on Wed, 23 Apr 2014 15:33:09 -0400.
© 2014 EMC Corporation. All rights reserved.