Menu

Blogs

Showing Blog Posts: 11–20 of 99 tagged Compliance

  • Working With Government: Security Standards

    by Todd Inskeep on March 5, 2015

    This is the fifth post in a multi-part series following the President’s State of the Union speech back in January. The series examines how the information security community needs to engage with the government to shape laws which will affect the industry. You can see the first, second, third, and fourth posts. Let's take a look at prescriptive requirements. There has been little discussion of…

  • Security Awareness Training: We're Doing it Wrong!

    by Rook Security on March 3, 2015

    This post comes from Arlie Hartman, a senior security advisor at Rook Security. It’s a relentless mantra in information security community: “People are the weakest link.” The success of email phishing, watering hole attacks, and over-the-phone social engineering tactics proves that attackers just have to target people in order to sidestep several layers of defense in depth measures. Most security…

  • We Welcome Our New Automation Overlords

    by Securosis Team on February 5, 2015

    This post is by Rich Mogull, analyst and CEO of Securosis, an independent security research firm. I am inherently lazy. If I can come up with some new, automated way to solve a problem and save some time, I'll spend many hours more than it would take to knock it out manually on the off chance of some future time savings. But I understand I'm a bit unusual that way (and it is sometimes to my…

  • Social Media Security: Leveraging Social Networking While Mitigating Risk

    by Ben Rothke on February 3, 2015

    A firm can spend decades building a brand into one that inspires trust. Unfortunately, social media can quickly destroy that trust in an instant. In Social Media Security: Leveraging Social Networking While Mitigating Risk, author Michael Cross provides a comprehensive overview of the security and privacy risks around social media. The book lives up to its title and effectively shows the reader…

  • Designing and Building a Security Operations Center

    by Ben Rothke on January 28, 2015

    Many organizations are overwhelmed by the onslaught of security data from disparate systems, platforms and applications. They have numerous point solutions (anti-virus, firewalls, IDS/IPS, ERP, access control, IdM, single sign-on, etc.) that can create millions of daily log messages. In addition to directed attacks becoming more frequent and sophisticated, there are regulatory compliance issues…

  • PRAGMATIC Security Metrics - Applying Metametrics to Information Security

    by Ben Rothke on January 27, 2015

    Like all books on metrics, early in PRAGMATIC Security Metrics: Applying Metametrics to Information Security authors Krag Brotby and Gary Hinson state that “you can't manage what you can't measure”. The authors claim that other books on information security metrics discuss number theory and statistics in academic terms. This title promises to be light on mathematics and heavy on utility and is…

  • The Practical Guide to HIPAA Privacy and Security Compliance

    by Ben Rothke on January 25, 2015

    From an information security perspective, there is nothing overly onerous with the HIPAA security and privacy requirements. But like all regulations, the devil is in the details. While HIPAA is meant to protect large-scale disclosure of patient data, some of it includes absurd requirements such as ensuring white-boards in hospital wards don’t have full patient information and that intravenous…

  • Enterprise Software Security: A Confluence of Disciplines

    by Ben Rothke on January 15, 2015

    To date, most software security books have focused solely on writing secure code and educating developers on how to do that. In Enterprise Software Security: A Confluence of Disciplines, authors Kenneth van Wyk, Mark Graff, Dan Peters and Diana Burley take a different, and ultimately necessary approach. Their tactic is that treating software security as an autonomous discipline doesn’t work. With…

  • The Muddled State of Security Standards

    by John Linkous on December 22, 2014

    One of my favorite quotes—attributed to either Admiral Grace Hopper or computer science professor Andy Tanenbaum—goes something like this: "The nice thing about standards is that there are so many to choose from." It’s true in the information security world, too. Standards, Standards Everywhere! Let’s first settle what we mean by security standards. There's no shortage of recommendations on how to…

  • Three Reasons Why Employees Chafe at Security Policies

    by Christopher Burgess on December 12, 2014

    How often have you heard someone say, "We can't do it that way, because our security policies prohibit . . . " Perhaps they were discussing customer data security and the means to achieve frictionless engagement. Variants of this conversation occur every day, and if you are the chief information security officer (CISO), you need to maintain these policies. Here are three reasons why employees…

This document was retrieved from http://www.rsaconference.com/blogs on Mon, 03 Aug 2015 19:20:23 -0400.
© 2015 EMC Corporation. All rights reserved.