Blogs

Showing Blog Posts: 1–10 of 97 tagged Enterprise Defense

  • The Practical Guide to HIPAA Privacy and Security Compliance

    by Ben Rothke on January 25, 2015

    From an information security perspective, there is nothing overly onerous with the HIPAA security and privacy requirements. But like all regulations, the devil is in the details. While HIPAA is meant to protect large-scale disclosure of patient data, some of it includes absurd requirements such as ensuring white-boards in hospital wards don’t have full patient information and that intravenous…

  • SBN: Running Adobe Flash? You Need to Read This Today

    by Security Bloggers Network on January 23, 2015

    Adobe has released a critical security patch for an Adobe Flash vulnerability that is being exploited by online criminals. The vulnerability, known as CVE-2015-0310, can be used by hackers to “circumvent memory randomization mitigations” on versions of Windows. Obviously it would be sensible to ensure that your version of Flash is updated as soon as possible. If you’re using Google Chrome or…

  • Enterprise Software Security: A Confluence of Disciplines

    by Ben Rothke on January 15, 2015

    To date, most software security books have focused solely on writing secure code and educating developers on how to do that. In Enterprise Software Security: A Confluence of Disciplines, authors Kenneth van Wyk, Mark Graff, Dan Peters and Diana Burley take a different, and ultimately necessary approach. Their tactic is that treating software security as an autonomous discipline doesn’t work. With…

  • Are You Building a Cybersecurity Ecosystem or Just a Bunch of Controls?

    by Gib Sorebo on January 14, 2015

    With all the emphasis on cybersecurity frameworks over the last couple years, it probably shouldn’t surprise anyone that a lot of organizations find themselves working off checklists of cybersecurity controls that they assume will give them better security. What is often missed is that these controls need to work together as an integrated system. For thousands of years, we’ve understood this in…

  • Infrastructure Protection: Plans and Strategies

    by Robert Moskowitz on January 12, 2015

    Modern organizations run on information, and information runs on infrastructure. Protecting that information infrastructure is vital to the organization’s health. Accomplishing effective infrastructure protection requires a broadly coordinated approach. This approach establishes priorities, sets operational goals, and details both human and technological requirements for reducing vulnerability, …

  • Customer Data: The Crown Jewels

    by Christopher Burgess on January 9, 2015

    Do you know where your company’s crown jewels are? Comparing customer data to the crown jewels is obviously an appropriate analogy if you consider the history of the jewels. The crown jewels represent the wealth of the monarchy, and in times gone by, a measure of fiscal reserve. England kept its Crown Jewels in Westminster Abbey until the early fourteenth century, and then they were moved to the…

  • Cybercrime: The Computer Hacking Persona Debunked

    by Robert Moskowitz on December 29, 2014

    Popular media is filled with stories of computer hackers—young, male, nerdy college dropouts who are not very social—and their hacking activities. However, reports show that hackers are actually a wild and crazy bunch and far more diverse than most people suspect. They are quite social in certain settings. What's more, within these social circles, advanced knowledge of computers and software…

  • Lockdown: Information Security Threats on the Edge of 2015

    by John Linkous on December 26, 2014

    As we look forward to 2015, this is a good time to take stock of how the information security threats and attack landscape have been changing. Let’s see: major data breaches at global, brand-name organizations, state-sponsored hacking activity, revelations of our own government's attempts to access personal data. It would be easy to proclaim 2014 as the "Year of the Security Threat," but that's…

  • Network Intrusion: Methods of Attack

    by Robert Moskowitz on December 25, 2014

    A network intrusion is any unauthorized activity on a computer network. Detecting an intrusion depends on the defenders having a clear understanding of how attacks work. In most cases, such unwanted activity absorbs network resources intended for other uses, and nearly always threatens the security of the network and/or its data. Properly designing and deploying a network intrusion detection…

  • A Morality Tale: The Good and Bad of DDoS Attacks, and What to Do About Them

    by John Linkous on December 8, 2014

    It's 4:55 p.m. on a Friday afternoon, and your phone rings. You're a CISO of a large company selling products online. It's your lead SOC analyst calling with a big problem. The moment that you've successfully avoided for your tenure so far has finally arrived: web-facing applications are slowing to a crawl, and customers are calling and complaining. You are under attack—it’s a distributed…

This document was retrieved from http://www.rsaconference.com/blogs on Tue, 27 Jan 2015 00:45:57 -0500.
© 2015 EMC Corporation. All rights reserved.