Blogs

Showing Blog Posts: 1–10 of 103 tagged Compliance

  • The Evolution of InfoSec Through 25 Years of RSA Conference Sessions, Part 3: That’s How We Do

    by Wade Baker on February 8, 2016

    This is the third post in a four-part series exploring 25 years of RSA Conference session titles. If you’re new to the series, Part 1 (“From Crypto to Cyber”) and Part 2 (“Hot Trends and Has Beens”) are waiting for you; get ‘em while supplies last. If you’re a repeat customer—welcome back and thanks for your loyalty. This time we’re going to see what the RSAC session corpus says about who we are…

  • The CISO's End-of-Year Questionnaire: How Do You Show Security Success

    by RSAC Contributor on December 28, 2015

    With the end of the year looming, CSOs/CISOs have to update the Board of Directors on how the company fared security-wise over the past year. Todd Feinman, CEO and founder of data management company Identity Finder, provides a checklist to guide that conversation. How do CSOs show security successes? The end-of-year boardroom discussion will focus primarily on 5 principal questions: 1. Were there…

  • Why Threat Matters for Critical Infrastructure

    by Gib Sorebo on December 15, 2015

    As the drumbeat of cybersecurity breaches seems ever-present in the media, we’re starting to see some real attention being paid to this function in a number of verticals, and a willingness to go beyond their regulatory compliance obligations. For example, large retailers have reorganized their security teams and made significant investments in personnel and technology. Healthcare organizations, …

  • Five Ways Security Metrics Do More Harm Than Good

    by Tony Bradley on August 31, 2015

    There is no shortage of data out there. Virtually everything with a power source is logging events and churning out data almost constantly—including all of your security tools. That data—your security metrics—can uncover valuable truths about your security posture if used and analyzed properly, but it can also be very misleading or completely useless. Aaron Levenstein is credited with this little …

  • Peers Discuss Supply Chain, Governance

    by RSAC Contributor on August 3, 2015

    Puneet Kukreja, senior security advisor of National Australia Bank, led security and risk professionals from the financial services, automotive, and energy sectors in a roundtable discussion about supply chain security as part of the Peer-to-Peer session at RSA Conference 2015 in San Francisco. Below are Kukreja's notes from the session. Approximately 30 attendees were present for the roundtable…

  • Peers Share Stories About Adopting the Cybersecurity Framework

    by RSAC Contributor on June 12, 2015

    Peer-2-Peer sessions give RSAC attendees the opportunity to dig deeply into a single topic area with a group of like-minded peers. Timothy Shea, a member of RSA’s Global Public Sector (GPS) Team, facilitated a P2P discussion about experiences adopting the cybersecurity framework (CSF) at RSA Conference 2015 in San Francisco. In this post, Shea continues the discussion from that session. The Cyb…

  • CSA Guide to Cloud Computing: Implementing Cloud Privacy and Security

    by Ben Rothke on May 16, 2015

    Full disclosure: this book is sponsored by the Cloud Security Alliance, of which I am a founding member. I am also friends with 2 of the authors. Even though cloud computing is mainstream, such that even the Federal Government is on board, it's not necessarily so that it will always make computing cheaper and faster. And all the more so when it comes to security and privacy. The challenge is how to…

  • Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails

    by Ben Rothke on April 29, 2015

    All encryption (with the exception of a one-time pad) can be broken. Bruce Schneier likes to use the analogy of a pole in the ground for encryption. You can try to break the pole (encryption); or simply go around the pole. Rather than finding problems with a proven encryption algorithm, attackers will try to go around it via how it’s implemented, and other similar attacks. In Phishing Dark Waters:…

  • Stop the Insanity! My First Year as a PCI QSA

    by Rook Security on April 27, 2015

    I’ve been involved with PCI-DSS in some way, shape, or form over the past eight years. For most of this time, I worked for corporations that needed to achieve or maintain PCI DSS compliance. A little over a year ago, I received Qualified Security Assessor (QSA) training and became a full-fledged QSA. It’s quite different being on the other side of the fence. I also understand my clients’…

  • Dive into Deep Conversations at Peer-2-Peer Sessions at RSAC 2015

    by Fahmida Y. Rashid on April 16, 2015

    At RSA Conference, you can meet in a group to explore a specific security topic in-depth as part of a Peer-2-Peer session. Wondering which conversation will be the most relevant to your job role and concerns? We asked each session facilitator to provide a short summary to help you decide. This post highlights five P2P sessions (Scroll down for answers). Links to other session summaries are at the…

This document was retrieved from http://www.rsaconference.com/blogs on Sat, 13 Feb 2016 10:12:51 -0500.
© 2016 EMC Corporation. All rights reserved.