Blogs

  • Security Risks: Mitigating the Human Element

    by Christopher Burgess on September 30, 2014

    Logs, logs, and more logs: They bury our sys admins charged with protecting our networks. The larger the company, the more data there is to process. Sorting out the false positives from those requiring immediate attention is key. We can do this by focusing on what our users are doing. We are all thankful for the plethora of tools that allow us to consume the myriad of logs and help us, the mere…

  • The Internet of Things: The Death of General Purpose Computing?

    by Gib Sorebo on September 29, 2014

    Ever try to send a text from your laptop while you’re on the go? Theoretically you could with the right hardware and software, but why would you? Laptops aren’t meant to be that mobile or that convenient. The text message, with its 140 character limit, was the quintessential application, and for a while the only one, for cell phones. Similarly, the thought of writing a ten page document on a…

  • Cybersecurity Requires Qualified Personnel

    by Christopher Burgess on September 25, 2014

    The community of cybersecurity professionals is an energetic, creative, and highly sought-after one. It's also incredibly small, with hiring demands outpacing the available supply of professionals. Ask your chief information security officer, chief information officer, or chief security officer if they have all the information security personnel they want, and the answer will almost always be a…

  • Take Steps to Deal With Bash Bug "Shell Shock" Now

    by Fahmida Y. Rashid on September 25, 2014

    It’s bad enough that many IT security teams are still dealing with the effects of the Heartbleed vulnerability in OpenSSL, but now they also have to handle Shell Shock, a vulnerability in the widely used command interpreter Bash. The flaw is present in how Bash sets environment variables and allows attackers to launch remote code injection attacks to hijack the vulnerable machine. Threatpost does a…

  • Bitcoin and the Future of Crypto-Currency

    by John Linkous on September 23, 2014

    Break out your cryptographically-signed digital wallet and lay your bets: Where is Bitcoin going? As perhaps the best-known—but certainly not the sole—crypto-currency around, Bitcoin has certainly seen its share of media coverage in recent months. And like other hot-button subjects, Bitcoin seems to elicit strong reactions both for and against it. Some view it as a universal currency, free from…

  • Targeted Cyber Attacks: Multi-staged Attacks Driven by Exploits and Malware

    by Ben Rothke on September 22, 2014

    Targeted cyber attacks are for the most part the same as an APT (advanced persistent threat). It was last year’s report on APT1 from Mandiant that brought this important information security topic to the forefront. In Targeted Cyber Attacks: Multi-staged Attacks Driven by Exploits and Malware, authors Aditya Sood and Richard Enbody write that there are a few different definitions of what a…

  • Does Size Matter in a Data Breach?

    by Fahmida Y. Rashid on September 22, 2014

    Cyber-criminals stole approximately 56 million cards in a five-month attack against Home Depot's point-of-sale systems, the home improvement giant said last Friday. Many media reports honed in on the fact that the breach was larger than the attack that hit Target last year, where 40 million credit and debit cards were stolen. "56 million cards may not be as big as the huge Heartland Payment…

  • Data Privacy in the 21st Century

    by Robert Moskowitz on September 18, 2014

    Privacy impacts both the quality of life and business success. In today's highly automated and digitized world, the concept of "privacy" effectively boils down to data privacy. Simply put, you want to be able to keep certain information from being shared (voluntarily or involuntarily) with others. Although the word "privacy" does not appear in the United States Constitution, the Supreme Court has…

  • Mythbusters: RSAC Edition Part 2

    by Britta Glade on September 17, 2014

    In our last post we looked at RSA Conference myths that typically get associated with our call for submissions process. Here are a few more bubbles we’re more than happy to burst! Myth: RSAC Covers the Same Topics Every Year; Topics are Never Technical in Nature. Although RSA Conference focuses primarily on the business of security, we do have technical tracks at our events. Our goal is to help our…

  • Compliance is Not Supposed to be Security

    by Fahmida Y. Rashid on September 17, 2014

    With all the high-profile data breaches at major retailers over the past few months, it’s really tempting to write off PCI DSS as being ineffective. It’s clearly not working, since the security standard clearly didn’t protect these companies from attack. Then again, perhaps we are looking at the standard all wrong. Businesses—and often auditors—measure their security effectiveness against PCI DSS…

This document was retrieved from http://www.rsaconference.com/blogs on Wed, 01 Jul 2015 16:12:39 -0400.
© 2015 EMC Corporation. All rights reserved.