Blogs

Showing Blog Posts: 51–60 of 61 tagged Risk Management

  • Protect Your Windows Network: From Perimeter to Data

    by Ben Rothke on January 14, 2010

    Protect Your Windows Network: From Perimeter to Data is a must read for anyone involved with Windows security. The problem with some computer security books is that they are nothing more than pages of checklists with myriad dos and don'ts. But after all the checklists have been dutifully completed, readers still don't understand the underlying concept of how to secure a computer. Within a short…

  • Information Security Architecture: An Integrated Approach to Security in the Organization

    by Ben Rothke on January 8, 2010

    Information Security Architecture: An Integrated Approach to Security in the Organization is a good foundation upon which to build a security architecture. Architecture is the art and science of designing buildings and other structures. Using some creative license, it also encompasses the design of any entity, including information systems and their security components. But while no one would…

  • Enterprise Security for the Executive: Setting the Tone from the Top

    by Ben Rothke on January 6, 2010

    My full review of Enterprise Security for the Executive: Setting the Tone from the Top is on Slashdot. If Shakespeare were to write an information security tragedy, it would not be titled Hamlet, rather Bayuk. The story of Jennifer Bayuk is tragic in that she spent a decade as CISO at Bear, Stearns, building up its security group to be one of the best in the business; only to find it vaporized when…

  • CISO Leadership: Essential Principles for Success

    by Ben Rothke on December 22, 2009

    CISO Leadership: Essential Principles for Success is a valuable guidebook for the serious information security professional. Contemporary information security is a relatively new specialty that continues to evolve. Even newer is the job title "chief information security officer." As a result, those who don the CISO mantle do so without an established playbook. In CISO Leadership: Essential…

  • Alaska Data Protection Law

    by Stephen Wu on August 26, 2009

    This is another in our series of articles about data protection laws around the country. The focus for this post is on Alaska. On June 19, 2008, Alaska became the 44th state with a breach notification law when then-Governor Sarah Palin signed HB 65, the Alaska Personal Information Protection Act (“Alaska Act”). Most of the Alaska Act became effective on July 1, 2009. The Alaska Act contains a…

  • Connecticut Data Protection Law

    by Stephen Wu on July 22, 2009

    As part of our ongoing efforts to keep you up-to-date concerning information security legislation around the country, this post covers a fairly recent Connecticut law of interest to information security professionals, executives, risk managers, and attorneys. Connecticut enacted a new data protection law that became effective October 31, 2008. It includes both protection of Social Security…

  • California Health Care Data Protection Law Addresses Worker Snooping

    by Stephen Wu on April 12, 2009

    Last year, Governor Arnold Schwarzenegger signed into law new data protection laws to prevent health care workers from peeking at celebrities’ medical records, although the legislation strikes at lax data protection practices generally. The scope of the security breaches at the UCLA Medical Center is impressive in terms of the number of people involved, the number of records viewed, and the long…

  • Why the CSO/CISO Should Care About eDiscovery Part -7-

    by Stephen Wu on January 21, 2009

    Part -7- The Federal Rules of Evidence The Federal Rules of Evidence (FRE) provide a Court with rules about whether and upon what circumstances evidence may be considered admissible at trial. These rules were written in the era of the non-electronic, paper-and-ink, or physical evidence world, at a time when paper records were the norm, and when such paper records constituted the most…

  • Why the CSO/CISO Should Care About eDiscovery Part -6-

    by Stephen Wu on January 1, 2009

    ESI Admissibility Strategy The previous section identified "presentation" as a critical phase in the discovery process. That section discussed how enterprise ESI is evaluated to determine its admissibility as evidence. Is there a fundamental strategy that can be taken? The answer depends upon whether the enterprise is the plaintiff or the defendant in a lawsuit. Accordingly, there are two…

  • Authentication Requirement for Digital Evidence Admissibility

    by Stephen Wu on November 25, 2008

    The Bankruptcy Court in the Central District of California issued a decision in October following the Vinhnee approach to digital evidence authentication. It bears repeating that in order to have evidence considered by a jury (or a judge, in Bankruptcy court) it must first be authenticated in accordance with Federal Rules of Evidence Rule 901. The Bankruptcy Court in In re Vargas, --- B.R---, …

This document was retrieved from http://www.rsaconference.com/blogs on Wed, 22 Oct 2014 11:23:55 -0400.