Menu

Blogs

Showing Blog Posts: 1–10 of 128 tagged Enterprise Defense

  • Peers Share Stories About Adopting the Cybersecurity Framework

    by RSAC Contributor on June 12, 2015

    Peer-2-Peer sessions give RSAC attendees the opportunity to dig deeply into a single topic area with a group of like-minded peers. Timothy Shea, a member of RSA’s Global Public Sector (GPS) Team, facilitated a P2P discussion about experiences adopting the cybersecurity framework (CSF) at RSA Conference 2015 in San Francisco. In this post, Shea continues the discussion from that session. The Cyb…

  • Security by the Numbers and the Work Ahead

    by Fahmida Y. Rashid on June 2, 2015

    Every day, there is yet another survey or report highlighting people’s perceptions of information security and identifying issues that need attention. Most of them tend to repeat what we already know, but two stood out recently and got me thinking. Data Breach Costs The first is the 2015 Cost of Data Breach by IBM and the Ponemon Institute. The average per-record cost of lost or stolen data in the…

  • Using Peer Collaboration to Manage Supply Chain Risk

    by RSAC Contributor on May 29, 2015

    Peer-2-Peer sessions give RSAC attendees the opportunity to dig deeply into a single topic area with a group of like-minded peers. Robin Slade, of Shared Assessments, facilitated a P2P discussion on peer collaboration for risk management at RSA Conference 2015 in San Francisco. In this post, Slade continues the discussion from that session. Professionals in finance/banking, healthcare, insurance, …

  • The Human Element of Computer Security

    by Robert Moskowitz on May 25, 2015

    Most organizations spend significant sums on high-tech defenses such as firewalls, anti-virus software, intrusion detection systems, and biometric locking devices as part of their computer security efforts. But even the strongest hardware and software defenses cannot withstand the human element. The damage can be inflicted intentionally by demotivated employees or unintentionally by…

  • What's Next in Our Security Conversation

    by Fahmida Y. Rashid on May 18, 2015

    There were a lot of interesting conversations at RSA Conference last month. With everyone back home and back to the pressures of the daily job, what happens next? Where does all that energy and excitement go? Hopefully, it is being channeled into informal conversations and new initiatives. One of the key themes was that security is broken and it needs to change. Every company needs a holistic…

  • SANS NetWars at RSAC 2015

    by Fahmida Y. Rashid on May 15, 2015

    SANS Institute brought its NetWars competition to RSA Conference 2015 in San Francisco. A hands-on, interactive learning environment, SANS NetWars lets information security professionals develop and master skills they need in their jobs. The program focuses on developing skills in vulnerability assessment, system hardening, malware analysis, digital forensics, incident response, packet analysis, …

  • Today’s Attack Mode Mindset to Pen Testing

    by Eric Cowperthwaite on May 13, 2015

    Let’s start off by getting on the same page about what a penetration test is. The goal is generally to provide or your management team with an evaluation and snapshot of the organization’s security posture at a specified time. The actual testing involves mimicking what real attackers do, usually by leveraging a chain of vulnerabilities (i.e. attack path) in an attempt to reach critical assets. …

  • Transforming Security into THE Business Enabler

    by Rook Security on May 11, 2015

    When I began my security career, shortly after the Y2K scare, there were many conversations about security as a roadblock. “Can’t do that ‘cause security won’t let us!” Most of the time security had the best interest of the company in mind, but other times it was because security professionals didn’t always understand the business objective. Silos existed in IT, IT Security, Business, and…

  • Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails

    by Ben Rothke on April 29, 2015

    All encryption (with the exception of a one-time pad) can be broken. Bruce Schneier likes to use the analogy of a pole in the ground for encryption. You can try to break the pole (encryption); or simply go around the pole. Rather than finding problems with a proven encryption algorithm, attackers will try to go around it via how it’s implemented, and other similar attacks. In Phishing Dark Waters:…

  • Is Defense in Depth Dead? Part 2: The Lesson of Babylon

    by Danelle Au on April 28, 2015

    A few weeks ago, when I asked, Is Defense in Depth Dead? I used the example of Dover Castle to illustrate the point that, as weapons and warfare change, defensive strategies must also evolve to meet new realities. Dover Castle and other fortresses offered their occupants centuries of effective protection—until the advent of gunpowder and cannon on the battlefields of medieval Europe. Which is not…

This document was retrieved from http://www.rsaconference.com/blogs on Sun, 05 Jul 2015 15:25:16 -0400.
© 2015 EMC Corporation. All rights reserved.