Blogs

Showing Blog Posts: 1–10 of 53 tagged Risk Management

  • Robust Security Intelligence: How Different Security Infrastructures Measure Up

    by Christopher Burgess on July 25, 2014

    What constitutes good security infrastructure? Ask a member of a security vendor's sales team, and he might hand you an order book with all the boxes checked. Ask a consultant, and her solution might focus on an extended hand-holding engagement. Ask a member of a country's cybersecurity emergency response team (CERT), and he will talk about national infrastructure and public-private partnerships. …

  • Incident Response: Is the House Really on Fire?

    by Christopher Burgess on July 16, 2014

    The comparison of incident response teams to fire departments has been around for many years, with well-funded entities within enterprises likened to professional fire departments in a large city and the less-funded teams within small-medium businesses (SMBs) likened to volunteer fire departments found in smaller communities. The difference between the well-funded and volunteer teams can be…

  • Risky Business: Changing Models for Information Risk Management

    by John Linkous on July 10, 2014

    For many years, information risk management (IRM) has been an evolving discipline. Never having been quite as advanced as financial or operational risk-modeling capabilities within the enterprise, IRM has often been relegated to a more esoteric, simplistic role in organizations. At this year's RSA Conference 2014 in San Francisco, however, the evolving—and improving—maturity of IRM in the…

  • Data-Driven Security: Analysis, Visualization and Dashboards

    by Ben Rothke on July 7, 2014

    There is a not so fine line between data dashboards and other information displays that provide pretty but otherwise useless and unactionable information, and those that provide effective answers to key questions. Data-Driven Security: Analysis, Visualization and Dashboards is all about the latter. In this extremely valuable book, authors and noted experts Jay Jacobs and Bob Rudis bring their…

  • Right-Sizing Information Risk for the Global Enterprise

    by John Linkous on June 4, 2014

    For many years, the most commonly accepted standard model of risk has been the verbatim formula (or a close variation of it): risk = [likelihood of threat] * [consequence of threat] * [asset value]. This model is the foundation of most risk management activities; it was a topic in several RSA Conference 2014 sessions, including Malcolm Harkins' "Business Control and Velocity: Balance Security, …

  • New Threats, New Requirements: Time to Update Your Information Security Policies

    by John Linkous on April 15, 2014

    In the rapid scale of technology time, it's safe to say that we're no longer living in the world of your father's Internet. Of course, this has ramifications for Internet security: The rapid adoption of the mobile device as the primary interface for many users, the mass-scale outsourcing of infrastructure, services, and data to cloud providers, and the now-ubiquitous "Internet of Things" that…

  • The Oil and Gas Industry: A Surge in Cybersecurity Vigilance?

    by Gib Sorebo on March 31, 2014

    Last week I chaired a cybersecurity summit in Houston, Texas, one of many cybersecurity conferences focused on this sector. While the American Petroleum Institute (API) has sponsored such conferences for nearly a decade, the proliferation of these conferences along with the resurrection of an Information Sharing and Analysis Center (ISAC) for the oil and gas industry is a reflection of greater…

  • Secure Global Open Source Calling and Message Tools

    by David Wallace on March 25, 2014

    Risk versus reward? Open source versus packaged? Security or flexibility? All of these decisions matter deeply when considering personal safety for international travelers. Because today's cell phones send a signal beacon that identifies your location, network, and movement, companies are turning to more secure open source applications to protect phone conversations and hide the email trail in…

  • Threat Modeling: Designing for Security

    by Ben Rothke on March 3, 2014

    When it comes to measuring and communicating threats, the most ineffective example in recent memory was the Homeland Security Advisory System, which was a color-coded terrorism threat advisory scale. The system was rushed into use and its output of colors was not clear. What was the difference between levels such as high, guarded and elevated? From a threat perspective, which color was more severe -…

  • “Keeping Up with the Joneses” May Not Mean Keeping Up With Security

    by Gib Sorebo on February 3, 2014

    As a cybersecurity consultant, I’m often asked by customers how they compare with their peers in the industry. This can vary from requests for simply anecdotal comparisons of products used to a full-fledged benchmarking of their entire cybersecurity program. Either way, it’s clear that aligning practices and spending with peers is important to many, particularly among critical infrastructure…

This document was retrieved from http://www.rsaconference.com/blogs on Thu, 31 Jul 2014 15:35:58 -0400.