Blogs

  • ISO27001 in a Windows Environment

    by Ben Rothke on October 3, 2012

    Imagine auto racing where none of the pit crew did things in synchronicity. No driver would keep such a crew. Yet in the world of IT, many firms have staff administering Windows systems, each individual doing it in a different way, with assorted and often conflicting techniques. Such a methodology often leads to chaos and makes the cost of management and administration skyrocket. ISO27001 is an…

  • Two new SQL security books from Syngress

    by Ben Rothke on September 27, 2012

    Securing SQL Server - Protecting Your Database from Attackers and SQL Injection Attacks and Defense are two new books out on SQL security. In the first, Securing SQL Server - Protecting Your Database from Attackers, author Denny Cherry takes a high-level approach to the topic. The book explains how to secure and protect a SQL database from attack. The book details how to configure SQL against both…

  • Digital Forensics for Handheld Devices

    by Ben Rothke on September 24, 2012

    Today’s handheld device is the mainframe of years past. An iPhone 5 with 64 GB of storage and the Apple A6 system-on-a-chip processor has more raw computing power than entire data centers had some years ago. With billions of handheld devices in use worldwide, it is imperative that digital forensics investigators and others know how to ensure that the information contained in them can be legally…

  • Preview - Everyday Cryptography: Fundamental Principles and Applications

    by Ben Rothke on September 19, 2012

    For those studying for the CISSP exam, the (ISC)² Common Body of Knowledge (CBK) domain that is most intimidating to many people is definitely cryptography. With that, Everyday Cryptography: Fundamental Principles and Applications is a reference that can minimize fear of cryptography. The book assumes that the reader has no prior knowledge of cryptography and requires almost no prior knowledge of…

  • CISSP for Dummies

    by Ben Rothke on September 14, 2012

    The CISSP is the most popular and arguably most valuable information security certification. While SANS GIAC certifications are technically more intensive, the CISSP is the 900-pound gorilla of information security certifications. For those looking for a CISSP review guide, CISSP for Dummies, despite its title, is a worthwhile reference. The book provides a thorough overview of the (ISC)² Common…

  • New Amendments to the Vermont Breach Notification Law

    by Stephen Wu on September 10, 2012

    Vermont recently amended its security breach notification law with a number of changes. Included in the amendment are changes to the definition of "security breach," guidance on determining whether a breach has occurred, a 45-day deadline for notification, and a requirement of notifying the attorney general of a breach. The legislation, H.254, became Act 109 following the governor's signature. For…

  • Is Application Whitelisting the Answer for a More Secure Critical Infrastructure?

    by Gib Sorebo on September 4, 2012

    For the last couple of years, as anti-virus has continued to fail us with a detection rate often in the single digits, many have suggested that a better approach would be to focus not on the bad but on the good. The objective would be to identify what normal is and alert on everything that is not normal. While that is still a tall task, it is often an easier one than to identify every possible piece…

  • Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems

    by Ben Rothke on September 4, 2012

    The Stuxnet computer worm of mid-2010 was a huge wake-up call for the energy industry. It also catapulted SCADA from an obscure term to the forefront of industrial security. But nearly two years later, it is unclear if the energy sector is adequately prepared for sophisticated information security threats. For those looking to get a handle on how to effectively secure critical infrastructure…

  • Preview - Digital Forensics for Handheld Devices

    by Ben Rothke on August 30, 2012

    Today’s handheld device is the mainframe of years past. The raw computing power and stored memory found in a BlackBerry, iPhone, digital camera or GPS dwarfs that of computers from years ago. With billions of such devices in use, it is imperative that systems administrators, forensics investigators and others know how to ensure that the information contained in them can be legally preserved if needed. …

  • Preview - The Computer Incident Response Planning Handbook: Executable Plans for Protecting Information at Risk

    by Ben Rothke on August 27, 2012

    Computer security incidents are not a matter of if, but when. The function of an incident response (IR) plan is to provide guidance to staff, both technical staff and management, on how to quickly and effectively recover from information security incidents. An IR plan is also needed to ensure staff responds in a systematic manner to incidents, rather than everyone doing things in an…

This document was retrieved from http://www.rsaconference.com/blogs on Mon, 22 Dec 2014 08:30:17 -0500.
© 2014 EMC Corporation. All rights reserved.