Menu

Blogs

  • Mining Your Banking Data Gold Mine

    by Dale "Woody" Wooden on May 14, 2015

    Dale "Woody" Wooden illustrates security concepts through stories. His past posts discussed how attackers mine employees' social media accounts for information and how social media can be used against you. This story is about companies asking for way too much information about your business. Would you give up all your itemized bank statements to a third party? Hand over information about…

  • Today’s Attack Mode Mindset to Pen Testing

    by Eric Cowperthwaite on May 13, 2015

    Let’s start off by getting on the same page about what a penetration test is. The goal is generally to provide or your management team with an evaluation and snapshot of the organization’s security posture at a specified time. The actual testing involves mimicking what real attackers do, usually by leveraging a chain of vulnerabilities (i.e. attack path) in an attempt to reach critical assets. …

  • Transforming Security into THE Business Enabler

    by Rook Security on May 11, 2015

    When I began my security career, shortly after the Y2K scare, there were many conversations about security as a roadblock. “Can’t do that ‘cause security won’t let us!” Most of the time security had the best interest of the company in mind, but other times it was because security professionals didn’t always understand the business objective. Silos existed in IT, IT Security, Business, and…

  • Lessons Learned at RSAC 2015

    by Tony Kontzer on May 5, 2015

    Now that the curtain has fallen on the RSA Conference 2015, San Francisco edition, what have you learned? I can't speak for anyone else, but I returned from RSAC with a number of things bouncing around my head. For instance, right out of the gate, we learned that Amit Yoran is an energetic and forceful speaker who will carry the RSA Conference keynote torch with great aplomb. Yoran took the stage…

  • Next Stop for the CISO: The Office of the CIRO?

    by Tony Kontzer on May 4, 2015

    As if CISOs didn't have enough to worry about already, now we are hearing they should be seriously considering acquiring the skills they need to become the chief information risk officer. Few organizations today have a CIRO, but if the scuttlebutt at the recently concluded RSA Conference is to be believed, they will soon, and CISOs are the logical choices to fill that role. It's reasonable to…

  • Everyone has a role to play in securing Asia’s digital future

    by Linda Gray on May 1, 2015

    Asia is in the middle of a digital revolution, with a booming market for consumer electronics and a fast-growing startup scene. The explosive growth makes organizations in the Asia-Pacific region especially attractive to criminals and hackers. They are playing a game of cat-and-mouse, with defenders trying to secure information within the enterprise and attackers trying to access it unlawfully. …

  • Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails

    by Ben Rothke on April 29, 2015

    All encryption (with the exception of a one-time pad) can be broken. Bruce Schneier likes to use the analogy of a pole in the ground for encryption. You can try to break the pole (encryption); or simply go around the pole. Rather than finding problems with a proven encryption algorithm, attackers will try to go around it via how it’s implemented, and other similar attacks. In Phishing Dark Waters:…

  • Is Defense in Depth Dead? Part 2: The Lesson of Babylon

    by Danelle Au on April 28, 2015

    A few weeks ago, when I asked, Is Defense in Depth Dead? I used the example of Dover Castle to illustrate the point that, as weapons and warfare change, defensive strategies must also evolve to meet new realities. Dover Castle and other fortresses offered their occupants centuries of effective protection—until the advent of gunpowder and cannon on the battlefields of medieval Europe. Which is not…

  • Congress is Moving Forward With Information Sharing, Will it Work?

    by Tony Kontzer on April 27, 2015

    Boosted by the U.S. House of Representatives considering — and ultimately passing — two separate cyber threat information-sharing bills last week, information sharing was top of mind for many attendees at RSA Conference last week. Having waited patiently for years as Washington debated the particulars of a complex issue, RSAC speakers had a lot of feelings about what information sharing means to…

  • Stop the Insanity! My First Year as a PCI QSA

    by Rook Security on April 27, 2015

    I’ve been involved with PCI-DSS in some way, shape, or form over the past eight years. For most of this time, I worked for corporations that needed to achieve or maintain PCI DSS compliance. A little over a year ago, I received Qualified Security Assessor (QSA) training and became a full-fledged QSA. It’s quite different being on the other side of the fence. I also understand my clients’…

This document was retrieved from http://www.rsaconference.com/blogs on Thu, 30 Jul 2015 02:08:57 -0400.
© 2015 EMC Corporation. All rights reserved.