Blogs

Showing Blog Posts: 1–10 of 58 tagged Risk Management

  • Cybersecurity Requires Qualified Personnel

    by Christopher Burgess on September 25, 2014

    The community of cybersecurity professionals is an energetic, creative, and highly sought-after one. It's also incredibly small, with hiring demands outpacing the available supply of professionals. Ask your chief information security officer, chief information officer, or chief security officer if they have all the information security personnel they want, and the answer will almost always be a…

  • Targeted Cyber Attacks: Multi-staged Attacks Driven by Exploits and Malware

    by Ben Rothke on September 22, 2014

    Targeted cyber attacks are for the most part the same as an APT (advanced persistent threat). It was last year’s report on APT1 from Mandiant that brought this important information security topic to the forefront. In Targeted Cyber Attacks: Multi-staged Attacks Driven by Exploits and Malware, authors Aditya Sood and Richard Enbody write that there are a few different definitions of what a…

  • Data Protects Patient Privacy

    by Christopher Burgess on August 26, 2014

    Who wants his or her medical information shared beyond the healthcare professionals who need to know? It’s common sense that when it comes to medical privacy, no one wants to share his information. For the recent 2014 EMC Privacy Index, respondents from different countries were asked to rate their willingness to trade privacy for convenience on a scale from 0 to 100 (100 being the most willing and 0…

  • Security Metrics: How Are You Measuring Security?

    by Joshua Marpet on August 12, 2014

    Do you have an information security practice? How do you measure its effectiveness? By the number of tickets generated? The number of viruses found and stamped out? Or by how quiet it is?—"If they don't bother me, they must be doing their job!" Have the security metrics guidelines changed in the last few years as infosec moved away from a helpdesk mentality, towards a penetration tester's…

  • Carry On: Sound Advice from Schneier on Security

    by Ben Rothke on August 11, 2014

    Bruce Schneier has been called an information security rock star. If that’s the case, then Carry On: Sound Advice from Schneier on Security is his greatest hits collection 2008-2013. The roughly 175 essays in the book represent a collection of articles Schneier wrote for his Crypto-Gram newsletter, his blog and other blogs, magazines, newspapers and other periodicals. Some of the articles, such…

  • Robust Security Intelligence: How Different Security Infrastructures Measure Up

    by Christopher Burgess on July 25, 2014

    What constitutes good security infrastructure? Ask a member of a security vendor's sales team, and he might hand you an order book with all the boxes checked. Ask a consultant, and her solution might focus on an extended hand-holding engagement. Ask a member of a country's cybersecurity emergency response team (CERT), and he will talk about national infrastructure and public-private partnerships. …

  • Incident Response: Is the House Really on Fire?

    by Christopher Burgess on July 16, 2014

    The comparison of incident response teams to fire departments has been around for many years, with well-funded entities within enterprises likened to professional fire departments in a large city and the less-funded teams within small-medium businesses (SMBs) likened to volunteer fire departments found in smaller communities. The difference between the well-funded and volunteer teams can be…

  • Risky Business: Changing Models for Information Risk Management

    by John Linkous on July 10, 2014

    For many years, information risk management (IRM) has been an evolving discipline. Never having been quite as advanced as financial or operational risk-modeling capabilities within the enterprise, IRM has often been relegated to a more esoteric, simplistic role in organizations. At this year's RSA Conference 2014 in San Francisco, however, the evolving—and improving—maturity of IRM in the…

  • Data-Driven Security: Analysis, Visualization and Dashboards

    by Ben Rothke on July 7, 2014

    There is a not so fine line between data dashboards and other information displays that provide pretty but otherwise useless and unactionable information, and those that provide effective answers to key questions. Data-Driven Security: Analysis, Visualization and Dashboards is all about the latter. In this extremely valuable book, authors and noted experts Jay Jacobs and Bob Rudis bring their…

  • Right-Sizing Information Risk for the Global Enterprise

    by John Linkous on June 4, 2014

    For many years, the most commonly accepted standard model of risk has been the verbatim formula (or a close variation of it):

        risk = [likelihood of threat] * [consequence of threat] * [asset value]

    This model is the foundation of most risk management activities; it was a topic in several RSA Conference 2014 sessions, including Malcolm Harkins' "Business Control and Velocity: Balance Security, …

This document was retrieved from http://www.rsaconference.com/blogs on Thu, 02 Oct 2014 00:22:21 -0400.
© 2014 EMC Corporation. All rights reserved.