Blogs

Showing Blog Posts: 1–10 of 18 tagged CISO

  • Architecting the Cloud: Design Decisions for Cloud Computing Service Models

    by Ben Rothke on September 8, 2014

    Most books about cloud computing are either extremely high-level quasi-marketing tomes (sometimes written by cloud vendors) about the myriad benefits of the cloud without any understanding of how to practically implement the technology under discussion. The other type of cloud books are highly technical reference guides that provide technical details, but for a limited audience. In Architecting…

  • Carry On: Sound Advice from Schneier on Security

    by Ben Rothke on August 11, 2014

    Bruce Schneier has been called an information security rock star. If that’s the case, then Carry On: Sound Advice from Schneier on Security is his greatest hits collection 2008-2013. The roughly 175 essays in the book represent a collection of articles Schneier wrote for his Crypto-Gram newsletter, his blog and other blogs, magazines, newspapers and other periodicals. Some of the articles, such…

  • The Business of Security

    by Christopher Burgess on August 6, 2014

    Some of the most affable salespersons any of us have ever encountered are in the business of selling security. The business of security takes on many personas: technology, intelligence, awareness, knowledge, automation, hardware, software, legal, identity, BYOD, privacy, insider or outsider, risk and risk tolerance, and identity. At the recent RSA Conference 2014, many presentations touched one…

  • A Comprehensive Cloud Strategy for Data Security

    by Robert Moskowitz on August 1, 2014

    As popular as cloud computing has become, and as fast as it continues to grow, it brings with it a whole new set of data security concerns. Without a robust cloud strategy for ensuring security capabilities, cloud computing has little strategic value, particularly since a single data breach can cost an organization far more than it has gained from the advantages of cloud-based data storage. …

  • Security Metrics You Should Be Watching for New Insights

    by David Wallace on June 30, 2014

    It's been more than 15 years since my identity, bank account, and credit history were taken hostage by some folks in the Bronx. By one set of security metrics, last year was a good year because there was no repeat failure. I've used "fraud alerts" on accounts to notify me in case of improper activity and been vigilant about credit reports and monitoring FICO scores, but I don't know if I'm any…

  • Blurring the Lines: How CISOs Become True Business Leaders

    by John Linkous on June 25, 2014

    It was interesting to note that this year's RSA Conference 2014 focused on the CISO leader, and how CISOs and other security professionals can expand their roles throughout the organization. The first full day of the conference included a half-day session discussing the many aspects of business that affect CISOs, from audits to understanding employee behavior and dealing with Boards of Directors. …

  • BYOD: Security and Privacy

    by Christopher Burgess on June 18, 2014

    If your office has a BYOD (bring your own device) policy, your employees are connecting your ecosystem with their own devices, as are your partners with your intranet—and you may have little knowledge about these devices. The good news is that BYOD security and privacy implementation has a number of defined paths that can help you navigate through this jungle of privacy, security, and legal…

  • Choose, but Choose Wisely: What Skills Does a CISO Really Need?

    by John Linkous on June 9, 2014

    The role of the CISO has shifted dramatically in the past ten years. Almost 20 years ago, in the early years of the information security officer role, the person who filled that position was focused on the very basics of security: antivirus, firewalls, and file system access control. At the time, there were no data security laws like HIPAA, no industry standards such as PCI or NERC, and no best…

  • Right-Sizing Information Risk for the Global Enterprise

    by John Linkous on June 4, 2014

    For many years, the most commonly accepted standard model of risk has been the verbatim formula (or a close variation of it): risk = [likelihood of threat] * [consequence of threat] * [asset value]. This model is the foundation of most risk management activities; it was a topic in several RSA Conference 2014 sessions, including Malcolm Harkins' "Business Control and Velocity: Balance Security, …

  • Losing Faith with Retail POS?

    by Christopher Burgess on May 28, 2014

    The technology section of every newspaper, magazine or online entity lately is describing how point of sale (POS), and the use of your credit cards is a bit like playing Russian roulette with the retail POS terminals — are they or are they not compromised? The recent batch of retail breaches of payment card industry (PCI) data began with Target, then Neiman Marcus, Michaels, and a bevy of…

This document was retrieved from http://www.rsaconference.com/blogs on Tue, 16 Sep 2014 23:32:11 -0400.
© 2014 EMC Corporation. All rights reserved.