Blogs

Showing Blog Posts: 1–10 of 33 tagged CISO

  • Working With Government: Legal Authority and Law

    by Todd Inskeep on February 18, 2015

    This is the third post in a multi-part series. You can read the first and second parts here. A second major aspect of the current National Cyber Security call for action considers the legal authority to investigate and prosecute cyber-crimes. We also need to agree what would be the appropriate role for law enforcement authorities. There are differing views on whether the Computer Fraud and Abuse Act…

  • The Seeds of Security

    by Wendy Nather on February 12, 2015

    My colleague Garrett Bekker once described the security industry as a pomegranate. It is brilliantly accurate: from the outside it looks like one piece, but when you open up the fruit, you see hundreds of little seeds, and it all makes a big mess (and leaves stains on everything you touch). Is the industry really this bad? Yes, it is. Consider that in our 451 Research master list, we have over…

  • PRAGMATIC Security Metrics - Applying Metametrics to Information Security

    by Ben Rothke on January 27, 2015

    Like all books on metrics, early in PRAGMATIC Security Metrics: Applying Metametrics to Information Security authors Krag Brotby and Gary Hinson state that “you can't manage what you can't measure”. The authors claim that other books on information security metrics discuss number theory and statistics in academic terms. This title promises to be light on mathematics and heavy on utility and is…

  • CISOs Need a Board Coach

    by Rook Security on January 23, 2015

    Boards are concerned about cybersecurity, specifically about how it impacts their reputation and securities (stock). The CISO is capable of assisting the organization in selecting, deploying, and managing the capabilities to address risks identified by the board. What sounds like a perfect match is often not, as many CISOs don't have the business acumen required to be an active participant in…

  • A Guide for CISOs Concerned About Data Collection

    by Fahmida Y. Rashid on January 22, 2015

    In A CISOs Guide to Principles of Data Privacy and Security, David Sheidlower, a CISO of an international media and advertising firm, examines the key issues surrounding data privacy and security. The eBook is currently publicly available on Security Current. The Guide addresses privacy policies, Big Data, consent, governance, and security. In the introduction, Sheidlower quotes Ed Mierzwinski, …

  • InfoSec Needs to Work With Government to Shape New Laws

    by Todd Inskeep on January 21, 2015

    The President’s State of The Union address Tuesday night addressed Information Security for the second time in three years. Two years ago, in 112 words, the President announced the NIST Framework, increased information sharing through executive action, and called for the nation to “face the rapidly growing threat from cyber-attacks.” The threat then was theft of corporate secrets and “real threats…

  • State of the Union Puts Cybersecurity on National Agenda

    by Fahmida Y. Rashid on January 21, 2015

    Buried among the slew of national issues such as equal pay, immigration reform, climate change and Ebola, President Barack Obama spent a few seconds talking about net neutrality and cybersecurity in his State of the Union speech Tuesday evening. While it's nice to see security on the general agenda, it's still too early to know the government's plans. The full paragraph from the State of the Union…

  • Inquiring Minds Want to Know: How Do You Implement Business Security?

    by Christopher Burgess on January 16, 2015

    Business security is not a new concept. Storeowners have alarms, video, and guards to keep the ne'er-do-wells of the world at bay. Corporations that handle money have to worry about embezzlers (does the fact that it is “white-collar crime” mean it is more sanitary as a crime?). And all who handle data must address the business of securing their data. Never Assume The number of data breaches and…

  • Enterprise Software Security: A Confluence of Disciplines

    by Ben Rothke on January 15, 2015

    To date, most software security books have focused solely on writing secure code and educating developers on how to do that. In Enterprise Software Security: A Confluence of Disciplines, authors Kenneth van Wyk, Mark Graff, Dan Peters and Diana Burley take a different, and ultimately necessary approach. Their tactic is that treating software security as an autonomous discipline doesn’t work. With…

  • Lockdown: Information Security Threats on the Edge of 2015

    by John Linkous on December 26, 2014

    As we look forward to 2015, this is a good time to take stock of how the information security threats and attack landscape have been changing. Let’s see: major data breaches at global, brand-name organizations, state-sponsored hacking activity, revelations of our own government's attempts to access personal data. It would be easy to proclaim 2014 as the "Year of the Security Threat," but that's…

This document was retrieved from http://www.rsaconference.com/blogs on Fri, 27 Feb 2015 20:56:41 -0500.
© 2015 EMC Corporation. All rights reserved.