Blogs

Showing Blog Posts: 21–30 of 64 tagged Risk Management

  • “Keeping Up with the Joneses” May Not Mean Keeping Up With Security

    by Gib Sorebo on February 3, 2014

    As a cybersecurity consultant, I’m often asked by customers how they compare with their peers in the industry. This can vary from requests for simply anecdotal comparisons of products used to a full-fledged benchmarking of their entire cybersecurity program. Either way, it’s clear that aligning practices and spending with peers is important to many, particularly among critical infrastructure…

  • Introduction to Computer Networks & Cybersecurity

    by Ben Rothke on January 2, 2014

    To use a boxing analogy, Introduction to Computer Networks and Cybersecurity is a superheavyweight of a book, coming in at nearly 10 pounds and more than 1,300 pages. And there is hardly a networking or data security topic that is not detailed in this reference. Today, nearly every piece of data that needs to be secured is in some way or another connected to a network. With that in mind, the book…

  • Four Trends Driving Cyber Security - Part 1

    by Todd Inskeep on November 12, 2013

    Cyber security has been changing constantly since before I started working at the National Security Agency in what is now the Information Assurance group. And while the underlying pressures, technology, and people have changed over time, the underlying need to protect information, and the principles of confidentiality, integrity and availability have remained the same. We do find ourselves in an…

  • The Perils of Audits

    by Gib Sorebo on August 31, 2013

    Among critical infrastructure asset owners, a common device for ensuring that their cybersecurity risk posture is appropriate is an audit. We'll leave aside whether the motivation is compliance or simply a desire to be as secure as possible against attacks. In essence, both motivations often lead to the disaster that is the audit whether it is driven by "best practices" or a particular compliance…

  • The Evolution of What We Value and How Much

    by Gib Sorebo on August 19, 2013

    In the current controversies involving what our intelligence community is collecting about its citizens, the issue has frequently been framed as a balance of protecting the personal safety of people versus protecting one’s privacy. While delving deeper may reveal a false dichotomy, we nonetheless must acknowledge that such tradeoffs do exist. At the very least, we’ve come to expect and accept…

  • The Chinese Information War

    by Ben Rothke on May 13, 2013

    Author Dennis Poindexter begins The Chinese Information War: Espionage, Cyberwar, Communications Control and Related Threats to United States Interests with the observation that his book is about a war that many will doubt the US will have, an information war with China. In the months since the Mandiant APT1: Exposing One of China's Cyber Espionage Units report was released, I think the reality is…

  • Cybersecurity: Public Sector Threats and Responses

    by Ben Rothke on May 2, 2013

    One of the myriad benefits of the Internet has been the increase in efficiency and speed of communications. What used to take days and weeks to transmit can now be sent instantly with Facebook, e-mail, Twitter, and the like. In Cybersecurity: Public Sector Threats and Responses, author Kim Andreasson provides an overview of how government agencies and other public-sector groups can use the…

  • The Death of the Internet - Markus Jakobsson

    by Ben Rothke on April 15, 2013

    When I first heard about the book The Death of the Internet, it had all the trappings of a second-rate book: a histrionic title and the fact that it had nearly 50 contributors. I have seen far too many books that are pasted together by myriad disparate authors, creating a jerry-rigged book with an ISBN, but little value or substance. The only negative thing about the book is the over-the-top…

  • PRAGMATIC Security Metrics: Applying Metametrics to Information Security

    by Ben Rothke on March 14, 2013

    Like all books on metrics, PRAGMATIC Security Metrics: Applying Metametrics to Information Security makes the statement early on that “you can't manage what you can't measure”. The authors claim that other books on information security metrics discuss number theory and statistics in academic terms. This title promises to be light on mathematics and heavy on utility and is meant as a…

  • Security Engineering: A Guide to Building Dependable Distributed Systems

    by Ben Rothke on February 15, 2013

    Security Engineering: A Guide to Building Dependable Distributed Systems by Ross Anderson is one of the best, if not the best, information security books ever written. With a list price of $80, it's worth every penny. With that, thanks to Robert Slade for pointing out today in Risks Digest 27.16 that Ross Anderson has made all chapters from the second edition available free online. You can get it here. …

This document was retrieved from http://www.rsaconference.com/blogs on Sun, 21 Dec 2014 12:59:38 -0500.
© 2014 EMC Corporation. All rights reserved.