Blogs

Showing Blog Posts: 1–10 of 65 tagged Business

  • Five Ways Security Metrics Do More Harm Than Good

    by Tony Bradley on August 31, 2015

    There is no shortage of data out there. Virtually everything with a power source is logging events and churning out data almost constantly—including all of your security tools. That data—your security metrics—can uncover valuable truths about your security posture if used and analyzed properly, but it can also be very misleading or completely useless. Aaron Levenstein is credited with this little …

  • Security Metrics to Drive Change

    by Tony Bradley on August 24, 2015

    What’s the point, really? You've dedicated terabytes of storage to capture insane volumes of log data, but for what? Yes, you can distill the highlights which make you look good and drop them in your reports. Be warned that those types of vanity metrics don’t provide any real value. Use the right security metrics in the right way, and you can clearly illustrate the issues. And that's how you…

  • If You Don't Know Where You Are, How Do You Know Where You Are Going?

    by Tony Bradley on August 21, 2015

    Business intelligence and big data analytics are valuable tools for organizations. Collecting and analyzing the right metrics related to current and past performance helps businesses develop effective plans for the future. This is especially true when it comes to securing your network and protecting your data. Think of it like making a trip to the grocery store. You can just walk in and shop. You…

  • What Black Hat and the NFL Have in Common: Strategy

    by Eric Cowperthwaite on August 19, 2015

    This time of year is a merging of two of my favorite things, Hacker Summer Camp aka BSidesLV, Black Hat and DefCon, and the beginning of the football season. On the surface it might not appear that these things have a lot in common. However, a bit deeper analysis tells us that the strategies employed by your security team and your favorite football team revolve around many of the same principles…

  • CISO Guide to Being an Effective Security Leader

    by Fahmida Y. Rashid on August 10, 2015

    With all the data breaches and security headlines of the past year, it was inevitable that the role of the CISO would become much more visible. Organizations are increasingly hiring CISOs or creating senior-level security positions, but there is still a lot of confusion about what a CISO actually does. The job description has changed from mitigating exposure and securing the perimeter, to one of…

  • Your Security Posture is Only as Good as Your Security Awareness

    by Tony Bradley on July 29, 2015

    Everyone knows they’re not supposed to open file attachments or click on links in unsolicited emails, right? At this stage in the game after all those headlines, it’s tempting to assume everyone has gotten the memo. Everyone exercises a healthy dose of cautious skepticism when online. Wrong. The average user is definitely better educated about security risks and potential threats than he or she…

  • Security Program Governance, Application Security Domains

    by RSAC Contributor on July 28, 2015

    This is the last in a three-part series on IT security from Forsythe Technology. This post looks at governance and application security. Previous posts covered core infrastructure and threat and vulnerability management and data protection and identity and access management. Innovating Your Security Mindset In the previous post, I talked about the role data protection and identity and access…

  • Practice Security Like Your Job Depends on It (Because It Does)

    by Tony Bradley on July 27, 2015

    For those who work in information security it’s hard to imagine not viewing the world through that lens. The fact of the matter, though, is that the vast majority of users don’t really give security a second thought. Unfortunately, that cavalier attitude could affect the company and possibly even cost those people their jobs. Many workers are just there to do their jobs. They assume that IT and…

  • RSA Conference APJ 2015 Ends With Call to Change the World

    by Fahmida Y. Rashid on July 24, 2015

    In life, there is always room for improvement, and that holds true for how people live, work, and interact. The last day of RSA Conference Asia Pacific & Japan 2015 reiterated that message through sessions, Expo floor, and keynotes. Organizations—and individual professionals—can improve how they operate internally and how they engage as part of a globalized society. Security professionals can—and…

  • Data Protection and Identity and Access Management Domains

    by RSAC Contributor on July 24, 2015

    This is the second in a three-part series on IT security from Forsythe Technology. This post looks at data protection and identity and access management. Other posts covered core infrastructure and threat and vulnerability management and governance and application security. Your Data Has Left the Building: Are You Protecting It? In the previous post, I talked about the current role of perimeter and…

This document was retrieved from http://www.rsaconference.com/blogs on Sat, 05 Sep 2015 01:43:18 -0400.
© 2015 EMC Corporation. All rights reserved.