Blogs

  • Security Warrior

    by Ben Rothke on February 17, 2010

    Security Warrior is an excellent security reference. As is the case in the physical world, when providing computer security the optimal approach is to be proactive. Security Warrior is about taking such a preventive approach to computer predators. Attackers are often highly skilled, and the authors have adopted the premise that the only way to defend a network is to understand the motives of a…

  • Forensic Discovery

    by Ben Rothke on February 16, 2010

    When most people think of forensics, television shows like Quincy and CSI come to mind. Where such shows deviate from reality is the unrealistic speed at which the actors are able to identify, apprehend and prosecute the perpetrators. In the real world, (unlike television, where the crime must be solved by the end of the family hour), crimes are solved with slow, deliberate and methodical steps. …

  • New Information Security Lawsuit -- Why Now?

    by Stephen Wu on February 16, 2010

    Over the years, many have doubted whether we will see substantial, real-dollar information security lawsuits. Some said that companies don't want to be embarrassed by filing suit and having to admit in their complaints that they've been hacked. Others said there's no money in it for potential plaintiffs (and plaintiffs' attorneys). In my opinion, I always thought we'd see plaintiffs filing cases…

  • Managing an Information Security and Privacy Awareness and Training Program

    by Ben Rothke on February 12, 2010

    Managing an Information Security and Privacy Awareness and Training Program is the definitive reference on creating an information security awareness campaign and program. Managing an Information Security and Privacy Awareness and Training Program is without a doubt the definitive reference on creating an information security awareness program Behind most information security problems are users…

  • Cryptography for Dummies

    by Ben Rothke on February 11, 2010

    Cryptography for Dummies is a really good introduction to cryptography. Cryptography is one of the most intimidating aspects of computer security, conjuring up, as it does, such concepts as hash functions and public-key infrastructures. For the average user who wants to know about cryptography without gaining the proficiency of a cryptographer, Cryptography for Dummies is the perfect…

  • Hacking For Dummies

    by Ben Rothke on February 10, 2010

    Hacking For Dummies is an excellent introduction to hacking for beginners. The media often mistakenly characterize hackers as bored technical geniuses. In truth, most hackers, as the media use the term, are not geniuses; they are simply adept at downloading hacking tools that do all of the dirty work for them. These so-called script kiddies often do not know what they are doing until the damage…

  • “Ten Commandments” of eDiscovery

    by Stephen Wu on February 9, 2010

    My colleague, Steven Teppler, recently spoke at the LegalTech New York trade show on eDiscovery and digital evidence topics. After attending the show, Steve posted a listserv mail concerning an interesting presentation at the show entitled "The Ten eDiscovery Commandments." The presenters were U.S. Magistrate Judges Frank Maas and Andrew Peck (both from the Southern District of New York). …

  • Outsourcing Information Security

    by Ben Rothke on February 9, 2010

    Outsourcing Information Security is required reading for anyone considering outsourcing information security functionality. When it comes to the outsourcing of information security functions specifically, the situation is even worse. Far too few organizations know the inherent risks involved with outsourcing security, and don't properly investigate what they are getting into. The same company…

  • Mapping Security: The Corporate Security Sourcebook for Today's Global Economy

    by Ben Rothke on February 8, 2010

    Mapping Security: The Corporate Security Sourcebook for Today's Global Economy is an excellent resource for doing global information security. Creating an effective information security infrastructure for a large multi-national company is a challenge. Above and beyond the technology, the software, and the hardware, there are non-tangibles, specifically the cultures and laws where the security…

  • The Many Shades of Project Grey Goose

    by Gib Sorebo on February 8, 2010

    As I noted in my previous post about a recent 60 Minutes segment, we often rely on rumor and innuendo as the basis for journalism in critical infrastructure. If a current or former high-ranking public official says he heard something, then it must be true. Unfortunately, Project Grey Goose, whose stated objective was “to answer the question of whether there has been any successful hacker attacks…

This document was retrieved from http://www.rsaconference.com/blogs on Mon, 01 Sep 2014 09:42:03 -0400.
© 2014 EMC Corporation. All rights reserved.