  • Customer Privacy: The Surprising Driver of Today's Massive Vendor Security Movement

    by John Linkous on February 6, 2014

    Within recent weeks, a plethora of vendors have announced massive security changes to their products and platforms. From Google's migration of all web certificates to 2048-bit encryption keys to Twitter's implementation of session-specific encryption keys via forward secrecy, vendors are rapidly implementing security controls across their infrastructure, often at substantial cost. The driver…

  • Information Sharing Post-Snowden, What Changes?

    by Kathleen Moriarty on February 5, 2014

    For this second piece in the series, I’d like to highlight the use of threat modeling to determine the best options to exchange intelligence on the wire. There is no single answer as to how we address the challenges we now face as security professionals with the stream of revelations post-Snowden. We need to determine what is the balance for protecting a nation versus the need for tighter…

  • When Security Policies Collide With Business Realities

    by Christopher Burgess on February 4, 2014

    Horror stories abound about the wayward employee who ignored the established information security policies in an effort to get the job done. The employee didn't mean to put the company at risk, but that's exactly what happened. In situations like this, the employee is likely caught in the switches between the information security policies of the company and the goals and expectations of his…

  • New California Do Not Track Legislation

    by Stephen Wu on February 3, 2014

    Under California’s Online Privacy Protection Act (OPPA) of 2003,[1] California law requires commercial websites or online services that obtain personally identifiable information about California consumers to conspicuously post their privacy policies. “Personally identifiable information” includes a first and last name, address, email address, telephone number, social security number, or any…

  • The Art of the Data Center: A Look Inside the World's Most Innovative and Compelling Computing Environments

    by Ben Rothke on February 3, 2014

    At first glance, The Art of the Data Center: A Look Inside the World's Most Innovative and Compelling Computing Environments appears like a standard coffee table book with some great visuals and photos of various data centers throughout the world. Once you get a few pages into the book, you see it is indeed not a light-read coffee table book, rather an insightful book where some of the brightest…

  • “Keeping Up with the Joneses” May Not Mean Keeping Up With Security

    by Gib Sorebo on February 3, 2014

    As a cybersecurity consultant, I’m often asked by customers how they compare with their peers in the industry. This can vary from requests for simply anecdotal comparisons of products used to a full-fledged benchmarking of their entire cybersecurity program. Either way, it’s clear that aligning practices and spending with peers is important to many, particularly among critical infrastructure…

  • Cyber Attacks, as Real as They Get

    by John Linkous on January 30, 2014

    Once again, the fundamental nature of the Internet is changing. Moving far beyond the original scope of the Internet, in the early 1990s, the World Wide Web dramatically changed its purpose. We now find ourselves on the cusp of yet another dramatic change, as the Internet of computers gives way to an Internet of things. Unfortunately, that concept also means that this relatively new phase of the…

  • What the Target Breach Teaches Us About Standards, Regulations, and Critical Infrastructure

    by Gib Sorebo on January 30, 2014

    The recently disclosed security breach of Target’s® point of sale terminals and related infrastructure is likely a lesson on the limitations of standards and regulations to adequately protect sensitive information and critical systems despite the political piling on that traditionally visits a high-profile data breach. However, absent some newly discovered evidence of incompetence, the Target…

  • Driving Towards More Effective Sharing Models

    by Kathleen Moriarty on January 29, 2014

    The ask from this blog series is for experts to engage in discussions that drive the adoption of effective operator-driven sharing models that leverage our small number of skilled threat analysts. The purpose of this line of thinking is not to drive adoption of open and international standards over US Government funded efforts, but rather to get people to think critically and push toward better…

  • Data Leakage: The Human End-Around to DLP

    by Christopher Burgess on January 28, 2014

    The old adages "still water finds its own level" and "moving water finds a path of least resistance" both have applicability when we think of data leakage and employees' engagement with data loss prevention (DLP) processes, policies, procedures, and software. With still water, data is at rest; with moving water, your data in transit. There are also two types of employees: Those who are trying to…

This document was retrieved from on Wed, 02 Dec 2015 00:09:27 -0500.
© 2015 EMC Corporation. All rights reserved.