Showing Blog Posts: 61–70 of 71 tagged Enterprise Defense

  • Dan Geer gets it

    by Ben Rothke on December 17, 2009

    After reading Economics & Strategies of Data Security, you know that Dan Geer is a person who really gets what information security is all about. Too many organizations equate security with buying security products. While today's data centers are full of firewalls and intrusion detection systems, most organizations' IT systems are not getting more secure. Only risk-based methodologies can secure…

  • Currently reading: Enterprise Security for the Executive: Setting the Tone from the Top

    by Ben Rothke on December 16, 2009

    I am currently reading Enterprise Security for the Executive: Setting the Tone from the Top by Jennifer Bayuk. So far, a really good book. Will review this in the coming weeks…..

  • The best information security book I ever read is….

    by Ben Rothke on December 12, 2009

    Hands down, the best book I have read to date is Security Engineering: A Guide to Building Dependable Distributed Systems by Ross Anderson. The second edition came out in 2008. If you are looking for 50 pages of screen prints on how to install and configure a printer under Windows, this is the wrong book for that. What Anderson does, in great detail and with lucidity, is particularizing all of the…

  • Why the CSO/CISO Should Care About eDiscovery Part -7-

    by Stephen Wu on January 21, 2009

    Part -7- The Federal Rules of Evidence The Federal Rules of Evidence (FRE) provide a Court with rules about whether and upon what circumstances evidence may be considered admissible at trial. These rules were written in the era of the non-electronic, paper-and-ink, or physical evidence world, at a time when when paper records were the norm, and when such paper records constituted the most…

  • Authentication Requirement for Digital Evidence Admissibility

    by Stephen Wu on November 25, 2008

    The Bankruptcy Court in the Central District of California issued a decision in October following the Vinhnee approach to digital evidence authentication. It bears repeating that in order to have evidence considered by a jury (or a judge, in Bankruptcy court) it must first be authenticated in accordance with Federal Rules of Evidence Rule 901. The Bankruptcy Court in In re Vargas, --- B.R---, …

  • Why the CSO/CISO Should Care About eDiscovery Part -5-

    by Stephen Wu on November 13, 2008

    Part -5- eDiscovery Leads to Digital Evidence The path to enhanced CISO understanding of the importance (to the enterprise) of rock solid digital evidence generation must first traverse the twists and turns fo the electronic discovery process. The pathway through eDiscovery may best be described though what is called the Extended Electronic Discovery Reference Model (EEDRM). The model is extended…

  • Why The CSO/CISO Should Care About eDiscovery Part -4-

    by Stephen Wu on November 1, 2008

    Part -4- Recent Landmark Legal Precedents and Opinions Two important court decisions indicate an early trend underscoring the importance of eDiscovery and digital evidentiary issues to the CSO/CISO. The first case, In re Vee Vinhnee, 336 B.R. 437 (9th Cir. BAP 2005) is a precedent setting case in which the court excluded Amex's own corporate records offer of evidence necessary to establish its…

  • Security Implications of "Custody and Control"

    by Stephen Wu on October 25, 2008

    The terms "custody" and "control" should be very familiar to cyber-security stakeholders. We are, after all, concerned with internal security issues pertaining to role, access and location management as well as identity management. Note that data location means real or virtual, for those cloud type schema. It's well understood that data can't be protected unless we know what we want to protect, …

  • Why the CSO/CISO Should Care About eDiscovery - Part 2 -

    by Stephen Wu on October 24, 2008

    Legal risks related to electronic discovery present perhaps the most significant emerging enterprise information risk, but this new risk also provides a unique opportunity for the CSO/CISO to increase his or her strategic contributions to the enterprise. In everyday civil (and criminal) litigation. and regulatory investigations and proceedings, electronic discovery ("eDiscovery") presents perhaps…

  • Definitions Matter in Electronic Discovery

    by Stephen Wu on October 4, 2008

    Court decisions focusing on the format of production for electronically stored information (ESI) have typically taken a hard line on inartfully crafted discovery requests. The Federal Rules of Civil Procedure, as amended in 2006, permit a party to request ESI, and gives the requesting party the option to choose format (for example, native data format, .tiff, or even .pdf files). If the party…

This document was retrieved from on Sat, 30 Aug 2014 08:11:39 -0400.
© 2014 EMC Corporation. All rights reserved.