Showing Blog Posts: 71–80 of 83 tagged Enterprise Defense

  • CISO Leadership: Essential Principles for Success

    by Ben Rothke on December 22, 2009

    CISO Leadership: Essential Principles for Success is a valuable guidebook for the serious information security professional. Contemporary information security is a relatively new specialty that continues to evolve. Even newer is the job title "chief information security officer." As a result, those who don the CISO mantle do so without an established playbook. In CISO Leadership: Essential…

  • Schneier on Security - the best of rock star of information security

    by Ben Rothke on December 21, 2009

    My full review of Schneier on Security is on Slashdot. There is a perception in both the private and government sector, that security, both physical and digital, is something you can buy. Witness the mammoth growth of airport security products following 9/11, and the sheer number of vendors at security conferences. With that, government officials and corporate executives often think you can simply…

  • Dan Geer gets it

    by Ben Rothke on December 17, 2009

    After reading Economics & Strategies of Data Security, you know that Dan Geer is a person who really gets what information security is all about. Too many organizations equate security with buying security products. While today's data centers are full of firewalls and intrusion detection systems, most organizations' IT systems are not getting more secure. Only risk-based methodologies can secure…

  • Currently reading: Enterprise Security for the Executive: Setting the Tone from the Top

    by Ben Rothke on December 16, 2009

    I am currently reading Enterprise Security for the Executive: Setting the Tone from the Top by Jennifer Bayuk. So far, a really good book. Will review this in the coming weeks…..

  • The best information security book I ever read is….

    by Ben Rothke on December 12, 2009

    Hands down, the best book I have read to date is Security Engineering: A Guide to Building Dependable Distributed Systems by Ross Anderson. The second edition came out in 2008. If you are looking for 50 pages of screen prints on how to install and configure a printer under Windows, this is the wrong book for that. What Anderson does, in great detail and with lucidity, is particularizing all of the…

  • Why the CSO/CISO Should Care About eDiscovery Part -7-

    by Stephen Wu on January 21, 2009

Part -7- The Federal Rules of Evidence The Federal Rules of Evidence (FRE) provide a Court with rules about whether and upon what circumstances evidence may be considered admissible at trial. These rules were written in the era of the non-electronic, paper-and-ink, or physical evidence world, at a time when paper records were the norm, and when such paper records constituted the most…

  • Authentication Requirement for Digital Evidence Admissibility

    by Stephen Wu on November 25, 2008

    The Bankruptcy Court in the Central District of California issued a decision in October following the Vinhnee approach to digital evidence authentication. It bears repeating that in order to have evidence considered by a jury (or a judge, in Bankruptcy court) it must first be authenticated in accordance with Federal Rules of Evidence Rule 901. The Bankruptcy Court in In re Vargas, --- B.R---, …

  • Why the CSO/CISO Should Care About eDiscovery Part -5-

    by Stephen Wu on November 13, 2008

Part -5- eDiscovery Leads to Digital Evidence The path to enhanced CISO understanding of the importance (to the enterprise) of rock solid digital evidence generation must first traverse the twists and turns of the electronic discovery process. The pathway through eDiscovery may best be described through what is called the Extended Electronic Discovery Reference Model (EEDRM). The model is extended…

  • Why The CSO/CISO Should Care About eDiscovery Part -4-

    by Stephen Wu on November 1, 2008

Part -4- Recent Landmark Legal Precedents and Opinions Two important court decisions indicate an early trend underscoring the importance of eDiscovery and digital evidentiary issues to the CSO/CISO. The first case, In re Vee Vinhnee, 336 B.R. 437 (9th Cir. BAP 2005), is a precedent-setting case in which the court excluded Amex's own corporate records offer of evidence necessary to establish its…

  • Security Implications of "Custody and Control"

    by Stephen Wu on October 25, 2008

    The terms "custody" and "control" should be very familiar to cyber-security stakeholders. We are, after all, concerned with internal security issues pertaining to role, access and location management as well as identity management. Note that data location means real or virtual, for those cloud type schema. It's well understood that data can't be protected unless we know what we want to protect, …

This document was retrieved from on Sun, 23 Nov 2014 02:12:14 -0500.
© 2014 EMC Corporation. All rights reserved.