Menu

Blogs

Showing Blog Posts: 11–20 of 102 tagged Compliance

  • Which Peer-2-Peer Session Will You Attend at RSAC 2015?

    by Fahmida Y. Rashid on April 13, 2015

    What is a Peer-2-Peer session? Peer2Peer sessions enable groups that share a common interest to come together and explore a specific security topic. You will be digging into a topic you really care about in a room with like-minded peers and a facilitator. Wondering which conversation will be the most relevant to your job role and concerns? We asked each session facilitator to provide a short…

  • Securosis Guide: 2015 Endpoint Security Trends

    by Securosis Team on April 7, 2015

    This post is part of a multi-part series about the Securosis Guide to the RSA Conference (download the RSAC-G PDF). Please scroll to the bottom for links to other posts in the series. What you'll see at the RSAC in terms of endpoint security is really more of the same. Advanced attacks blah, mobile devices blah blah, AV-vendor hatred blah blah blah. Just a lot of blah... But we are still recovering…

  • Securosis Guide: P.Compliance.90X

    by Securosis Team on March 27, 2015

    This post is part of a multi-part series about the Securosis Guide to the RSA Conference (download the RSAC-G PDF). Please scroll to the bottom for links to other posts in the series. Compliance. It's a principle driver for security spending, and vendors know this. That's why each year compliance plays a major role in vendor messaging on the RSAC show floor. A plethora of companies claiming to be…

  • Working With Government: Security Standards

    by Todd Inskeep on March 5, 2015

    This is the fifth post in a multi-part series following the President’s State of the Union speech back in January. The series examines how the information security community needs to engage with the government to shape laws which will affect the industry. You can see the first, second, third, and fourth posts. Let's take a look at prescriptive requirements. There has been little discussion of…

  • Security Awareness Training: We're Doing it Wrong!

    by Rook Security on March 3, 2015

    This post comes from Arlie Hartman, a senior security advisor at Rook Security. It’s a relentless mantra in information security community: “People are the weakest link.” The success of email phishing, watering hole attacks, and over-the-phone social engineering tactics proves that attackers just have to target people in order to sidestep several layers of defense in depth measures. Most security…

  • We Welcome Our New Automation Overlords

    by Securosis Team on February 5, 2015

    This post is by Rich Mogull, analyst and CEO of Securosis, an independent security research firm. I am inherently lazy. If I can come up with some new, automated way to solve a problem and save some time, I'll spend many hours more than it would take to knock it out manually on the off chance of some future time savings. But I understand I'm a bit unusual that way (and it is sometimes to my…

  • Social Media Security: Leveraging Social Networking While Mitigating Risk

    by Ben Rothke on February 3, 2015

    A firm can spend decades building a brand into one that inspires trust. Unfortunately, social media can quickly destroy that trust in an instant. In Social Media Security: Leveraging Social Networking While Mitigating Risk, author Michael Cross provides a comprehensive overview of the security and privacy risks around social media. The book lives up to its title and effectively shows the reader…

  • Designing and Building a Security Operations Center

    by Ben Rothke on January 28, 2015

    Many organizations are overwhelmed by the onslaught of security data from disparate systems, platforms and applications. They have numerous point solutions (anti-virus, firewalls, IDS/IPS, ERP, access control, IdM, single sign-on, etc.) that can create millions of daily log messages. In addition to directed attacks becoming more frequent and sophisticated, there are regulatory compliance issues…

  • PRAGMATIC Security Metrics - Applying Metametrics to Information Security

    by Ben Rothke on January 27, 2015

    Like all books on metrics, early in PRAGMATIC Security Metrics: Applying Metametrics to Information Security authors Krag Brotby and Gary Hinson state that “you can't manage what you can't measure”. The authors claim that other books on information security metrics discuss number theory and statistics in academic terms. This title promises to be light on mathematics and heavy on utility and is…

  • The Practical Guide to HIPAA Privacy and Security Compliance

    by Ben Rothke on January 25, 2015

    From an information security perspective, there is nothing overly onerous with the HIPAA security and privacy requirements. But like all regulations, the devil is in the details. While HIPAA is meant to protect large-scale disclosure of patient data, some of it includes absurd requirements such as ensuring white-boards in hospital wards don’t have full patient information and that intravenous…

This document was retrieved from http://www.rsaconference.com/blogs on Sun, 07 Feb 2016 10:05:00 -0500.
© 2016 EMC Corporation. All rights reserved.