Blogs

Showing Blog Posts: 11–20 of 72 tagged Compliance

  • The “New” Cybersecurity Framework: Did They Get the Marketing Right This Time?

    by Gib Sorebo on February 17, 2014

    This last week, the Obama Administration announced the release of its Framework for Improving Critical Infrastructure Cybersecurity and instantly sought to distinguish this framework from the plethora of other government and industry-sponsored frameworks that seem to be more interested in who the guidance was intended to serve rather than the substance of the guidance. For example, the Department…

  • “Keeping Up with the Joneses” May Not Mean Keeping Up With Security

    by Gib Sorebo on February 3, 2014

    As a cybersecurity consultant, I’m often asked by customers how they compare with their peers in the industry. This can vary from requests for simply anecdotal comparisons of products used to a full-fledged benchmarking of their entire cybersecurity program. Either way, it’s clear that aligning practices and spending with peers is important to many, particularly among critical infrastructure…

  • What the Target Breach Teaches Us About Standards, Regulations, and Critical Infrastructure

    by Gib Sorebo on January 30, 2014

    The recently disclosed security breach of Target’s® point of sale terminals and related infrastructure is likely a lesson on the limitations of standards and regulations to adequately protect sensitive information and critical systems despite the political piling on that traditionally visits a high-profile data breach. However, absent some newly discovered evidence of incompetence, the Target…

  • Data Leakage: The Human End-Around to DLP

    by Christopher Burgess on January 28, 2014

    The old adages "still water finds its own level" and "moving water finds a path of least resistance" both have applicability when we think of data leakage and employees' engagement with data loss prevention (DLP) processes, policies, procedures, and software. With still water, data is at rest; with moving water, your data is in transit. There are also two types of employees: Those who are trying to…

  • Security Awareness? "Once and Done" Does Not Teach Awareness

    by Christopher Burgess on January 23, 2014

    A new employee shows up on day one and walks through his ID card briefing, compensation and benefits brief, and security brief, meets his new team and manager, and tries to retain all the information rushing out at him via the orientation fire hose. All boxes checked, the employee is good to go, and the security team notes that 100 percent of all new employees continue to receive security…

  • 5 Tips for Handling Compromised Customer Data

    by Christopher Burgess on January 21, 2014

    Rarely does a week go by when you don't hear or read of a data breach and the accompanying loss of customer data or client personal identifying information (PII). Having a data breach plan in place that provides an honest, direct, and customer-centric solution will go a long way toward retaining the customers or clients affected. Though no one ever wants these things to happen, data breaches do…

  • FedRAMP: It's Not Just for the Government Anymore

    by John Linkous on January 9, 2014

    For years, information security professionals, analysts, and pundits have all been pointing out the security risks inherent in cloud computing. Far from being a "Chicken Little" message, these concerns have been backed up by nonstop real-world incursions into cloud services, including major successful attacks on customer-facing cloud environments hosted by Adobe, LinkedIn, CloudFlare, and others. …

  • Event Denial: If I Don't Report It, Did It Really Happen?

    by Christopher Burgess on January 7, 2014

    "If a tree falls in the forest and no one is there to hear it, does it make a sound?" The technological equivalent of this query within cyber security exists, unfortunately: "If a compromise occurs and no one reports it, did it really happen?" The answer in both instances is, "of course." Yet the recent survey of 200 security professionals by Opinion Matters for Threat Track reveals that two-th…

  • Information Security Governance Simplified: From the Boardroom to the Keyboard

    by Ben Rothke on December 2, 2013

    Juggling two balls is something that most people can do, but juggling six balls takes dexterity and practice. Juggling the complexities of current IT environments requires a significant amount of skill. Besides considerations of technical, business, and financial elements, there also are regulatory requirements for oversight and governance. In Information Security Governance Simplified: From the…

  • California’s New “Eraser” Privacy Law Aimed at Protecting Minors

    by Stephen Wu on September 29, 2013

    On September 23, 2013, Governor Jerry Brown signed a new piece of legislation aimed at the online protection of minors. Designated Senate Bill 568, the new law received publicity for giving minors an “Internet eraser,” requiring online services to provide a mechanism by which minors can remove their own social media and other online content. This mechanism is intended to give minors the ability…

This document was retrieved from http://www.rsaconference.com/blogs on Thu, 31 Jul 2014 19:39:44 -0400.
© 2014 EMC Corporation. All rights reserved.