Blogs

Showing Blog Posts: 1–10 of 14 tagged CISO

  • Security Metrics You Should Be Watching for New Insights

    by David Wallace on June 30, 2014

    It's been more than 15 years since my identity, bank account, and credit history were taken hostage by some folks in the Bronx. By one set of security metrics, last year was a good year because there was no repeat failure. I've used "fraud alerts" on accounts to notify me in case of improper activity and been vigilant about credit reports and monitoring FICO scores, but I don't know if I'm any…

  • Blurring the Lines: How CISOs Become True Business Leaders

    by John Linkous on June 25, 2014

    It was interesting to note that this year's RSA Conference 2014 focused on the CISO leader, and how CISOs and other security professionals can expand their roles throughout the organization. The first full day of the conference included a half-day session discussing the many aspects of business that affect CISOs, from audits to understanding employee behavior and dealing with Boards of Directors. …

  • BYOD: Security and Privacy

    by Christopher Burgess on June 18, 2014

    If your office has a BYOD (bring your own device) policy, your employees are connecting your ecosystem with their own devices, as are your partners with your intranet—and you may have little knowledge about these devices. The good news is that BYOD security and privacy implementation has a number of defined paths that can help you navigate through this jungle of privacy, security, and legal…

  • Choose, but Choose Wisely: What Skills Does a CISO Really Need?

    by John Linkous on June 9, 2014

    The role of the CISO has shifted dramatically in the past ten years. Almost 20 years ago, in the early years of the information security officer role, the person who filled that position was focused on the very basics of security: antivirus, firewalls, and file system access control. At the time, there were no data security laws like HIPAA, no industry standards such as PCI or NERC, and no best…

  • Right-Sizing Information Risk for the Global Enterprise

    by John Linkous on June 4, 2014

    For many years, the most commonly accepted standard model of risk has been the verbatim formula (or a close variation of it): risk = [likelihood of threat] * [consequence of threat] * [asset value] This model is the foundation of most risk management activities; it was a topic in several RSA Conference 2014 sessions, including Malcolm Harkins' "Business Control and Velocity: Balance Security, …

  • Losing Faith with Retail POS?

    by Christopher Burgess on May 28, 2014

The technology section of every newspaper, magazine, or online entity lately is describing how point of sale (POS) and the use of your credit cards is a bit like playing Russian roulette with the retail POS terminals — are they or are they not compromised? The recent batch of retail breaches of payment card industry (PCI) data began with Target, then Neiman Marcus, Michaels, and a bevy of…

  • Windows XP: The COBOL of the 21st Century

    by Joshua Marpet on April 21, 2014

    What happened when Windows XP went into end of life (EOL)? That fateful day happened on April 8, 2014. It doesn't mean that WinXP computers will suddenly stop working. It doesn't mean that the world of WinXP computing will end. To be honest, it probably doesn't even mean that WinXP-based programming will end. So what does it actually mean? New drivers won't be developed. It will get increasingly…

  • Privacy in the Age of Ubiquitous Computer Vision

    by Joshua Marpet on April 17, 2014

    With Google Glass, cell phone cameras, hidden cameras, and ever cheaper surveillance cameras, can there truly be user privacy? With Google Glass and facial recognition apps, tagging people can happen at full walking speed, without a pause or possibility of the action being recognized. Is there any parallel in other realms? At one point, a car with an expired registration would only get exposed…

  • The Security Threat Posed by Social Engineering

    by Christopher Burgess on April 10, 2014

    When one uses the words "security threat" and "social engineering" together, the analogy of hand-in-glove is appropriate. At the RSA Conference 2014, this was adroitly explained in the session "When the Phone Is More Dangerous Than Malware" hosted by Christopher Hadnagy and Michele Fincher, both of Social-Engineer, Inc., as they walked the attendees through how social engineers collect, sort, …

  • CISOs, Business Security, and the Business of Security

    by Christopher Burgess on April 3, 2014

    So you want to be a CISO, really? Business security, or the business of security, has evolved and is evolving, according to Todd Fitzgerald of Grant Thornton International, who shared his thoughts in his RSA Conference 2014 session, "So Why on Earth Would You WANT to Be a CISO?" Fitzgerald captured the challenge facing all who are thinking of moving into the CISO career track when he shared a…

This document was retrieved from http://www.rsaconference.com/blogs on Wed, 23 Jul 2014 22:09:59 -0400.
© 2014 EMC Corporation. All rights reserved.