Menu

Blogs

  • SOC: To outsource or not to outsource?

    by RSAC Contributor on June 17, 2015

    This post comes from Greg Boison, director of homeland and cybersecurity at Lockheed Martin, who was part of the Transforming SOCs roundtable discussion at the recent Gartner Security & Risk Management Summit. The following is his summary of the discussion. While walking the floor and listening to the sessions at the Gartner Risk and Security Summit, a key issue crystallized for me around Security…

  • Out of the Shadows: Fear is the Real Cloud Threat

    by Danelle Au on June 15, 2015

    Shadow IT is a misnomer, and we need to stop pretending that so-called rogue software applications are going to bring down the enterprise. That kind of fear mongering is misleading and doesn’t help advance the cause of securing data in the cloud. In fact, it is more of a threat to the security of the cloud than the software it demonizes. The term Shadow IT was coined out of a vestigial, …

  • Peers Share Stories About Adopting the Cybersecurity Framework

    by RSAC Contributor on June 12, 2015

    Peer-2-Peer sessions give RSAC attendees the opportunity to dig deeply into a single topic area with a group of like-minded peers. Timothy Shea, a member of RSA’s Global Public Sector (GPS) Team, facilitated a P2P discussion about experiences adopting the cybersecurity framework (CSF) at RSA Conference 2015 in San Francisco. In this post, Shea continues the discussion from that session. The Cyb…

  • Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan

    by Ben Rothke on June 10, 2015

    An extremely important piece of advice in Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan is on page 85, where authors Jeff Bollinger, Brandon Enright and Matthew Valites write that you will need at least one dedicated and full-time person to analyze your security event data. When creating programs for information security monitoring and its corresponding…

  • RSAC Unplugged, A Visual Retrospective

    by Fahmida Y. Rashid on June 9, 2015

    At RSA Conference, we like to experiment and try out new things. We tried crowd-sourcing some sessions for RSA Conference 2015. We are having year-round conversations through blog posts and webcasts. With RSAC Unplugged, we put 120 people in one room with excellent speakers and waited to see what would happen. We took away the exhibit hall and the sales pitches, consolidated all the tracks into…

  • Growing Up: A Roadmap to Vulnerability Management Maturity

    by Eric Cowperthwaite on June 8, 2015

    At this year’s RSA Conference, there was strong focus on identifying where your company’s security posture is in terms of maturity. As Brian Krebs touched on in a recent post, there are many different maturity models outlining what your company is doing, and what it should be doing. Of course each company is different, and the path to reducing risk is never a straight line. It is, however, …

  • How We Foiled Ransomware and Got the Files Back

    by RSAC Contributor on June 5, 2015

    Derek Soeder is a senior threat researcher at Cylance. In this post, Soeder discusses how he and his team reverse engineered ransomware to recover the password used to encrypt client files. In the interest of length, some of the technical steps the team took have been omitted from this story. Read on to find out just what Soeder had to do to retrieve client data being held hostage by ransomware. In…

  • Regionally Focused Security Lessons on Tap at RSA Conference APJ

    by Britta Glade on June 3, 2015

    The full agenda for RSA Conference Asia Pacific & Japan 2015 will soon be posted, featuring many top-rated speakers from across the globe delivering powerful presentations. The Program Committee had its hands full this year as it sorted through a record number of submissions, tasked with selecting those that provided the most timely, compelling content for our attendees—content that would really…

  • Security by the Numbers and the Work Ahead

    by Fahmida Y. Rashid on June 2, 2015

    Every day, there is yet another survey or report highlighting people’s perceptions of information security and identifying issues that need attention. Most of them tend to repeat what we already know, but two stood out recently and got me thinking. Data Breach Costs The first is the 2015 Cost of Data Breach by IBM and the Ponemon Institute. The average per-record cost of lost or stolen data in the…

  • Investigating Internet Crimes: An Introduction to Solving Crimes in Cyberspace

    by Ben Rothke on June 1, 2015

    Any organization that has a sizeable web presence, especially if it involves e-commerce, will inevitably become a victim of some sort of Internet malfeasance. Contrary to popular management belief, knowing how to effectively deal with, respond to, and recover from such incidents is not a trivial endeavor. Nothing proved that more than the Sony breach of 2014. In Investigating Internet Crimes: An…

This document was retrieved from http://www.rsaconference.com/blogs on Wed, 29 Jul 2015 16:01:34 -0400.
© 2015 EMC Corporation. All rights reserved.