Blogs

  • Pre-review: Measuring and Managing Information Risk: A FAIR Approach

    by Ben Rothke on October 5, 2014

    Some of the music composed by Rachmaninoff had monstrously difficult parts that were full of big, fat chords. In Measuring and Managing Information Risk: A FAIR Approach, authors Jack Freund and Jack Jones have created the equivalent of an information security concert, full of big, fat chords. The book is nearly 400 pages of densely packed chords, which can lead the reader to truly understand the…

  • Security Infrastructure: Infrastructure Protection

    by Robert Moskowitz on October 2, 2014

    With today's emphasis on information collection, processing, and usage, Nearly every organization today has to collect, process, and use data for its daily activities, strategic planning, and administration. Considering how heavily dependent organizations are on their information infrastructures, protecting that infrastructure is critical. As much as we would like to, the systems cannot just be…

  • Getting the InfoSec Budget You Need

    by Fahmida Y. Rashid on October 1, 2014

    There is a tongue-in-cheek saying that goes something like this: How do security professionals get the security budget they want? Wait for a data breach. It's a sad state of affairs that there is a grain of truth to this poor joke. This month, we explore how security professionals can tackle budget planning for next year. Security spending as a percentage of the overall IT budget has remained…

  • Security Risks: Mitigating the Human Element

    by Christopher Burgess on September 30, 2014

    Logs, logs, and more logs: They bury our sys admins charged with protecting our networks. The larger the company, the more data there is to process. Sorting out the false positives from those requiring immediate attention is key. We can do this by focusing on what our users are doing. We are all thankful for the plethora of tools that allows us to consume the myriad of logs and help us, the mere…

  • The Internet of Things: The Death of General Purpose Computing?

    by Gib Sorebo on September 29, 2014

    Ever try to send a text from your laptop while you’re on the go? Theoretically you could with the right hardware and software, but why would you? Laptops aren’t meant to be that mobile or that convenient. The text message, with its 140 character limit, was the quintessential application, and for a while the only one, for cell phones. Similarly, the thought of writing a ten page document on a…

  • Cybersecurity Requires Qualified Personnel

    by Christopher Burgess on September 25, 2014

    The community of cybersecurity professionals is an energetic, creative, and highly sought-after one. It's also incredibly small, with hiringdemands outpacing available supply of professionals. Ask your chief information security officer, chief information officer, or chief security officer if they have all the information security personnel they want, and the answer will be almost always be a…

  • Take Steps to Deal With Bash Bug "Shell Shock" Now

    by Fahmida Y. Rashid on September 25, 2014

    It’s bad enough that many IT security teams are still dealing with the effects of the Heartbleed vulnerability in OpenSSL, but now they also have to handle Shell Shock, a vulnerability in the widely used command interpreter Bash. The flaw is present in how Bash sets environment variables and allows attackers launch remote code injection attacks to hijack the vulnerable machine. Threatpost does a…

  • Bitcoin and the Future of Crypto-Currency

    by John Linkous on September 23, 2014

    Break out your cryptographically-signed digital wallet and lay your bets: Where is Bitcoin going? As perhaps the best-known—but certainly not the sole—crypto-currency around, Bitcoin has certainly seen its share of media coverage in recent months. And like other hot-button subjects, Bitcoin seems to elicit strong reactions both for and against it. Some view it as a universal currency, free from…

  • Targeted Cyber Attacks: Multi-staged Attacks Driven by Exploits and Malware

    by Ben Rothke on September 22, 2014

    Targeted cyber attacks are for the most part the same as an APT (advanced persistent threat). It was last year’s report on APT1 from Mandiant that brought this important information security topic to the forefront. In Targeted Cyber Attacks: Multi-staged Attacks Driven by Exploits and Malware, authors Aditya Sood and Richard Enbody write that there are a few different definitions of what a…

  • Does Size Matter in a Data Breach?

    by Fahmida Y. Rashid on September 22, 2014

    Cyber-criminals stole approximately 56 million cards in a five-month attack against Home Depot's point-of-sale systems, the home improvement giant said last Friday. Many media reports honed in on the fact that the breach was larger than the attack that hit Target last year, where 40 million credit and debit cards were stolen. "56 million cards may not be as big as the huge Heartland Payment…

This document was retrieved from http://www.rsaconference.com/blogs on Sat, 01 Nov 2014 07:55:20 -0400.
© 2014 EMC Corporation. All rights reserved.