Blogs

Showing Blog Posts: 1–10 of 80 tagged Risk Management

  • Cybercrime and Threats Are Growing in 2016

    by RSAC Contributor on January 21, 2016

    This post in our VC-series comes from Alberto Yépez and Don Dixon, managing directors of Trident Capital Cybersecurity. It’s a new year, and we are poised again for another round of malicious, often successful cyberattacks, many of which will draw upon ever more sophisticated technology. And some of which will be surprisingly deceptive. Take, for example, so-called “onion-layered” security…

  • The Security Reading Room: The Best Information Security Books of 2015

    by Ben Rothke on December 23, 2015

    There were a lot of good information security books that came out in 2015, and many that were not worth reading. The following books stand out as the best, listed in no particular order: Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World: Bruce Schneier could have justifiably written an angry diatribe full of vitriol against President Obama, his administration, and…

  • How to Enjoy the Holidays in Peace (While Keeping the Network Secure)

    by Tony Bradley on December 10, 2015

    I’m not sure why we even bother showing up to work in the month of December. The first week is spent coming down off of the Thanksgiving-gluttony food coma and frantically shopping online during work hours to find holiday gift bargains. We show up for the next two weeks because of a mandatory requirement to be physically present (even though you’ve already mentally checked out) and you’re just…

  • Insuring Cyber the Same Way as Natural Disasters

    by Rook Security on September 30, 2015

    There is no doubt that cyberinsurance is a fast-growing product with an important role in our current landscape where security breaches are happening at a breakneck pace. And many claim the market is nowhere near fully saturated...lots of companies remain unprotected. Most every Risk Manager has a disaster plan for what we typically think of as natural disasters: hurricane, fire, even polar…

  • Glass Houses are Cheaper: the Case for Transparent Pentesting

    by Wendy Nather on September 16, 2015

    When you engage an external company to do vulnerability assessments and penetration testing, you have a few options on how to scope it. Here are some of them: Win/lose engagement: either they get in, or they don't. In a previous life, I bought pizza for the consultants if they got in during the annual pentest. For four years I bought pizza, and then in the fifth year my wallet finally got a break. …

  • A Note on #CISOProblems

    by Eric Cowperthwaite on August 11, 2015

    What is it about this time of year? In the past month or so I’ve noticed even more headlines and reports than usual about the problems plaguing today’s CSOs and CISOs. If you’ve somehow managed to dodge the onslaught of grim stats, I’ll sum it up for you: The “bad guys” are proliferating and becoming more sophisticated. Security managers are having a hard time getting enough “good guys” on their…

  • Peers Discuss Risks in the Payments World

    by RSAC Contributor on July 16, 2015

    Mike Vergara, vice-president of consumer risk management at PayPal, led 25 security and risk professionals in a discussion about risk in the payments world as part of the Peer-to-Peer discussion at RSA Conference 2015 in San Francisco. Below are Vergara's notes from the session. The attendees of Misconceptions of Risk in the Payments World provided a lively discussion and we all came away with new…

  • Peers Discuss Vulnerability/Risk Scoring and What Ratings Really Mean

    by RSAC Contributor on June 26, 2015

    Security professionals break into small groups to discuss specific topics of interest during the RSA Conference Peer-2-Peer sessions. Tyler Reguly, manager of security research and development at Tripwire, facilitated a P2P discussion about scoring vulnerabilities and risk. Read on for Tyler's thoughts about the discussion. This year, at RSAC 2015, I was fortunate enough to host a Peer-2-Peer…

  • Growing Up: A Roadmap to Vulnerability Management Maturity

    by Eric Cowperthwaite on June 8, 2015

    At this year’s RSA Conference, there was strong focus on identifying where your company’s security posture is in terms of maturity. As Brian Krebs touched on in a recent post, there are many different maturity models outlining what your company is doing, and what it should be doing. Of course each company is different, and the path to reducing risk is never a straight line. It is, however, …

  • Intellectual Property Theft: The Insider

    by Christopher Burgess on May 20, 2015

    If you are responsible for protecting your company from the risk of a trusted insider stealing intellectual property, consider packing a lunch because it's going to be a bit of a journey. Intellectual property (IP) means different things to different people. And far too many believe they don’t have access to the company's IP, and therefore are not responsible for protecting it. First, …

This document was retrieved from http://www.rsaconference.com/blogs on Thu, 11 Feb 2016 12:07:12 -0500.
© 2016 EMC Corporation. All rights reserved.