Blogs

  • CISSP Study Guide, Second Edition

    by Ben Rothke on October 10, 2012

    About 2 years, I reviewed the first edition of the CISSP Study Guide. Just out is the CISSP Study Guide, Second Edition of the bookby Eric Conrad, Seth Misenar and Joshua Feldman. And yes, they are all CISSP certified. The overall framework and content of the guide is the same. The update covers the new information in the (ISC)² CBK (Common Body of Knowledge) that underwent a major update in…

  • New California Social Media Privacy Legislation

    by Stephen Wu on October 8, 2012

    On September 27, 2012, California Governor Jerry Brown signed two pieces of legislation intended to protect the privacy of social media accounts. The first, AB 1844, covers employees, and the second, SB 1349, covers students at postsecondary educational institutions. I wrote an earlier post about how some employers are demanding that employment applicants give them their Facebook user names and…

  • Malware Forensics Field Guide for Windows Systems: Digital Forensics Field Guides

    by Ben Rothke on October 5, 2012

    Wikipedia defines a field guide as a book designed to help the reader identify wildlife (plants or animals) or other objects of natural occurrence (e.g. minerals). It is generally designed to be brought into the 'field' or local area where such objects exist to help distinguish between similar objects. If you change wildlife to Malware Forensics, then you have the Malware Forensics Field Guide for…

  • ISO27001 in a Windows Environment

    by Ben Rothke on October 3, 2012

    Imagine auto racing where none of the pit crew did things in synchronicity. No driver would keep such a crew. Yet in the world of IT, many firms have staff administering Windows systems, each individual doing it in a different way, with assorted and often conflicting techniques. Such a methodology often leads to chaos and makes the cost of management and administration skyrocket. ISO27001 is an…

  • Two new SQL security books from Syngress

    by Ben Rothke on September 27, 2012

    Securing SQL Server - Protecting Your Database from Attackers and SQL Injection Attacks and Defense are two new books out on SQL security. The first, Securing SQL Server - Protecting Your Database from Attackers, author Denny Cherry takes a high-level approach to the topic. The book explains how to secure and protect a SQL database from attack. The book details how to configure SQL against both…

  • Digital Forensics for Handheld Devices

    by Ben Rothke on September 24, 2012

    Today’s handheld device is the mainframe of years past. An iPhone 5 with 64 GB of storage and the Apple A6 system-on-a-chip processor has more raw computing power entire data centers had some years ago. With billions of handheld devices in use worldwide, it is imperative that digital forensics investigators and others know how to ensure that the information contained in them, can be legally…

  • Preview - Everyday Cryptography: Fundamental Principles and Applications

    by Ben Rothke on September 19, 2012

    For those studying for the CISSP exam, the (ISC) ² Common Body of Knowledge (CBK) domain that is most intimidating to many people is definitely cryptography. With that, Everyday Cryptography: Fundamental Principles and Applications is a reference that can minimize feat of cryptography. The book assumes that the reader has no prior knowledge of cryptography and requires almost no prior knowledge of…

  • CISSP for Dummies

    by Ben Rothke on September 14, 2012

    The CISSP is the most popular and arguably most valuable information security certification. While SANS GIAC certifications are technically more intensive, the CISSP is the 900-pound gorilla of information security certifications. For those looking for a CISSP review guide, CISSP for Dummies, despite its title, is a worthwhile reference. The book provides a thorough overview of the (ISC) ² Common…

  • New Amendments to the Vermont Breach Notification Law

    by Stephen Wu on September 10, 2012

    Vermont recently amended its security breach notification law with a number of changes. Included in the amendment are changes to the definition of "security breach," guidance on determining whether a breach has occurred, a 45-day deadline for notification, and a requirement of notifying the attorney general of a breach. The legislation, H.254, became Act 109 following the governor's signature. For…

  • Is Application Whitelisting the Answer for a More Secure Critical Infrastructure?

    by Gib Sorebo on September 4, 2012

    For the last couple years, as anti-virus has continued to fail us with a detection rate often in the single digits, many have suggested that a better approach would be to not focus on the bad but on the good. The objective would be to identify what normal is and alert on everything that is not normal. While that is still a tall task, it is often an easier one than to identify every possible piece…

This document was retrieved from http://www.rsaconference.com/blogs on Mon, 01 Sep 2014 21:57:26 -0400.
© 2014 EMC Corporation. All rights reserved.