Menu

Blogs

Showing Blog Posts: 1–10 of 64 tagged Risk Management

  • The Human Element in the Data Breach

    by Christopher Burgess on November 17, 2014

    We are all familiar with the adage, "to err is human; to really foul things up requires a computer," which implies that the computer may be to blame for many data breach calamities. Alas, it appears the erring human is also culpable. Take, for example, the recent kerfuffle surrounding Apple's iCloud and the compromise of celebrity accounts containing salacious photos. After much slinging of…

  • Security Reality: Special Challenges in Q4

    by Fahmida Y. Rashid on November 3, 2014

    The end of the year is a busy time for information security professionals. There are a lot of balls to juggle, and our adversaries are poised to attack if we look in the wrong direction. The team behind Target’s data breach last year took advantage of the retailer’s increased traffic volume—both online as well as through its brick-and-mortar stores—to sneak in and infect the point-of-sale…

  • Measuring and Managing Information Risk: A FAIR Approach

    by Ben Rothke on October 27, 2014

    If you work in IT, you can’t go a day without some sort of data about information security and risk. Research from firms like Gartner are accepted without question; even though they can get their results from untrusted and unvetted sources. The current irrational panic around Ebola shows how people are clueless about risk. While distressing over Ebola, the media is oblivious to legitimate public…

  • No ROI Means No Priority: The Fallacy of Why Cybersecurity Doesn’t Get the Attention It Deserves

    by Gib Sorebo on October 13, 2014

    For years, cybersecurity professionals and many IT specialties have lamented that our concerns don’t get enough attention and (more importantly) funding from senior management. We complain that we’re relegated to one of many back office functions like procurement, human resources, or facilities, functions that we, ironically, treat with the same level of boredom and disdain that we feel are…

  • Threats and Risk Management: Protect Your IP From Computer Hacking

    by Christopher Burgess on October 10, 2014

    There isn't a company in existence that doesn't have trade secrets and intellectual property worth protecting. The threats may come from computer hacking or from careless end users not paying attention to processes and procedures. One does not exclude the other. Poor cyber-hygiene makes the likelihood of systems and device compromises a real possibility. Tim Mather of Cadence Design Systems…

  • Pre-review: Measuring and Managing Information Risk: A FAIR Approach

    by Ben Rothke on October 5, 2014

    Some of the music composed by Rachmaninoff had monstrously difficult parts that were full of big, fat chords. In Measuring and Managing Information Risk: A FAIR Approach, authors Jack Freund and Jack Jones have created the equivalent of an information security concert, full of big, fat chords. The book is nearly 400 pages of densely packed chords, which can lead the reader to truly understand the…

  • Cybersecurity Requires Qualified Personnel

    by Christopher Burgess on September 25, 2014

    The community of cybersecurity professionals is an energetic, creative, and highly sought-after one. It's also incredibly small, with hiringdemands outpacing available supply of professionals. Ask your chief information security officer, chief information officer, or chief security officer if they have all the information security personnel they want, and the answer will be almost always be a…

  • Targeted Cyber Attacks: Multi-staged Attacks Driven by Exploits and Malware

    by Ben Rothke on September 22, 2014

    Targeted cyber attacks are for the most part the same as an APT (advanced persistent threat). It was last year’s report on APT1 from Mandiant that brought this important information security topic to the forefront. In Targeted Cyber Attacks: Multi-staged Attacks Driven by Exploits and Malware, authors Aditya Sood and Richard Enbody write that there are a few different definitions of what a…

  • Data Protects Patient Privacy

    by Christopher Burgess on August 26, 2014

    Who wants his or her medical information shared beyond the healthcare professionals who need to know? It’s common sense that when it comes to medical privacy, no one wants to share his information. For the recent 2014 EMC Privacy Index,respondents from different countries were asked to rate their willingness to trade privacy for convenience on a scale from 0 to 100 (100 being the most willing and 0…

  • Security Metrics: How Are You Measuring Security?

    by Joshua Marpet on August 12, 2014

    Do you have an information security practice? How do you measure its effectiveness? By the number of tickets generated? The number of viruses found and stamped out? Or by how quiet it is?—"If they don't bother me, they must be doing their job!" Have the security metrics guidelines changed in the last few years as infosec moved away from a helpdesk mentality, towards a penetration tester's…

This document was retrieved from http://www.rsaconference.com/blogs on Sun, 21 Dec 2014 18:55:27 -0500.
© 2014 EMC Corporation. All rights reserved.