Blogs

Showing Blog Posts: 21–30 of 124 tagged Enterprise Defense

  • Smashing the Binary

    by Wendy Nather on March 16, 2015

    One big problem in security is the tendency to think in binary terms. Either you’re breached or you’re not; either you’re secure or you’re not. But this black-and-white worldview can be the cause of both technology and people problems. Is it possible to be a “little bit pwned”? Most would say no, although if you’re used to dealing with a wide spectrum of incidents within an organization, you know…

  • Is Defense In Depth Dead?

    by Danelle Au on March 12, 2015

    When Great Britain’s Royal Engineer, Maurice, built Dover Castle in the late 1100s, he focused not just on the grandeur but on the security of its architecture. In Medieval times, castles were the backbone of power, meaning that they had to withstand assaults from enemies. When building Dover Castle, Maurice The Engineer, who served King Henry II, designed a castle with multiple layers of defense…

  • Security Awareness Training: We're Doing it Wrong!

    by Rook Security on March 3, 2015

    This post comes from Arlie Hartman, a senior security advisor at Rook Security. It’s a relentless mantra in the information security community: “People are the weakest link.” The success of email phishing, watering hole attacks, and over-the-phone social engineering tactics proves that attackers just have to target people in order to sidestep several layers of defense in depth measures. Most security…

  • An Anthem to Get Behind: Enable Two-Factor Authentication

    by Eric Cowperthwaite on February 17, 2015

    In the security industry, we all know it’s just a matter of time, sometimes minutes, before the next breach makes headlines. We’re stopping and blocking attacks left and right, and it only takes that one time for a hacker to be right, that one mistake before we have to answer the question, “What happened?” The latest victim was Anthem, a huge health insurance provider who had 80 million customer…

  • Changing the Security Conversation One Topic at a Time

    by Fahmida Y. Rashid on February 3, 2015

    Just two months into 2015, and there is already a theme in information security: let's talk. Let's talk within the organization, within the industry, with the government, with everyone else. It's not a new concept. The hallmark of a good security professional is one who can communicate effectively with end users, business stakeholders, and the board of directors. Information security…

  • Catching Up With Innovation Sandbox Winners: Sourcefire

    by Fahmida Y. Rashid on February 2, 2015

    The Innovation Sandbox Contest turns 10 this April! Every year, RSA Conference showcases 10 companies with innovative information security products on the market as part of its Innovation Sandbox Contest. Teams from each company present and demonstrate their product in front of a panel of judges and answer questions. This year's winner will be named “Most Innovative Company at RSA Conference 2015.”…

  • Loose Lips Sink Ships (And Profit Margins!)

    by Dale "Woody" Wooden on January 27, 2015

    Dale "Woody" Wooden illustrates security concepts through stories. This story looks at how attackers monitor employee social media accounts. There is also a Part 2. One of the largest threats facing any corporation is the leak of critical information and the ease with which it can be monitored by criminals and terrorists. Few organizations properly train their employees how to protect themselves at…

  • The Practical Guide to HIPAA Privacy and Security Compliance

    by Ben Rothke on January 25, 2015

    From an information security perspective, there is nothing overly onerous with the HIPAA security and privacy requirements. But like all regulations, the devil is in the details. While HIPAA is meant to protect large-scale disclosure of patient data, some of it includes absurd requirements such as ensuring white-boards in hospital wards don’t have full patient information and that intravenous…

  • SBN: Running Adobe Flash? You Need to Read This Today

    by Security Bloggers Network on January 23, 2015

    Adobe has released a critical security patch for an Adobe Flash vulnerability that is being exploited by online criminals. The vulnerability, known as CVE-2015-0310, can be used by hackers to “circumvent memory randomization mitigations” on versions of Windows. Obviously it would be sensible to ensure that your version of Flash is updated as soon as possible. If you’re using Google Chrome or…

  • Enterprise Software Security: A Confluence of Disciplines

    by Ben Rothke on January 15, 2015

    To date, most software security books have focused solely on writing secure code and educating developers on how to do that. In Enterprise Software Security: A Confluence of Disciplines, authors Kenneth van Wyk, Mark Graff, Dan Peters and Diana Burley take a different, and ultimately necessary approach. Their tactic is that treating software security as an autonomous discipline doesn’t work. With…

This document was retrieved from http://www.rsaconference.com/blogs on Mon, 25 May 2015 15:37:22 -0400.