Blogs

Showing Blog Posts: 21–30 of 77 tagged Compliance

  • 5 Tips for Handling Compromised Customer Data

    by Christopher Burgess on January 21, 2014

    Rarely does a week go by when you don't hear or read of a data breach and the accompanying loss of customer data or client personal identifying information (PII). Having a data breach plan in place that provides an honest, direct, and customer-centric solution will go a long way toward retaining the customers or clients affected. Though no one ever wants these things to happen, data breaches do…

  • FedRAMP: It's Not Just for the Government Anymore

    by John Linkous on January 9, 2014

    For years, information security professionals, analysts, and pundits have all been pointing out the security risks inherent in cloud computing. Far from being a "Chicken Little" message, these concerns have been backed up by nonstop real-world incursions into cloud services, including major successful attacks on customer-facing cloud environments hosted by Adobe, LinkedIn, CloudFlare, and others. …

  • Event Denial: If I Don't Report It, Did It Really Happen?

    by Christopher Burgess on January 7, 2014

    "If a tree falls in the forest and no one is there to hear it, does it make a sound?" The technological equivalent of this query within cyber security exists, unfortunately: "If a compromise occurs and no one reports it, did it really happen?" The answer in both instances is, "of course." Yet the recent survey of 200 security professionals by Opinion Matters for Threat Track reveals that two-th…

  • Information Security Governance Simplified: From the Boardroom to the Keyboard

    by Ben Rothke on December 2, 2013

    Juggling two balls is something that most people can do, but juggling six balls takes dexterity and practice. Juggling the complexities of current IT environments requires a significant amount of skill. Besides considerations of technical, business, and financial elements, there also are regulatory requirements for oversight and governance. In Information Security Governance Simplified: From the…

  • California’s New “Eraser” Privacy Law Aimed at Protecting Minors

    by Stephen Wu on September 29, 2013

    On September 23, 2013, Governor Jerry Brown signed a new piece of legislation aimed at the online protection of minors. Designated Senate Bill 568, the new law received publicity for giving minors an “Internet eraser,” requiring online services to provide a mechanism by which minors can remove their own social media and other online content. This mechanism is intended to give minors the ability…

  • SCADA and Me

    by Ben Rothke on September 12, 2013

    When is the right time to talk to your kids about SCADA? According to the new book SCADA and Me, the time is now. The book bills itself as a book for children and management. Truth be told, that is a hard, if not impossible, combination to write for. The reality is that SCADA is not child’s play. The underlying theme of the book is that SCADA is critical to our national infrastructure and that it’s…

  • The Perils of Audits

    by Gib Sorebo on August 31, 2013

    Among critical infrastructure asset owners, a common device for ensuring that their cybersecurity risk posture is appropriate is an audit. We'll leave aside whether the motivation is compliance or simply a desire to be as secure as possible against attacks. In essence, both motivations often lead to the disaster that is the audit, whether it is driven by "best practices" or a particular compliance…

  • Assessing Vendors: A Hands-On Guide to Assessing Infosec and IT Vendors

    by Ben Rothke on July 10, 2013

    Every organization has external software, hardware and 3rd-party vendors they have to deal with. In many cases, these vendors will have direct access to the corporate networks, confidential and proprietary data and more. Often the software and hardware solutions are critical to the infrastructure and security of the organization. If the vendors don’t have effective information security and…

  • Legal Issues in Managing Mobile Devices in the Enterprise

    by Stephen Wu on May 17, 2013

    This month, I completed a book on the legal issues involved with managing mobile devices in the enterprise. The publisher will be the American Bar Association Section of Science & Technology Law. I served as Chair of the Section from 2010 to 2011. I expect the Section to publish the book in time for the American Bar Association Annual Meeting in August in San Francisco. But the purpose of this…

  • Managing Risk and Information Security: Protect to Enable

    by Ben Rothke on March 20, 2013

    Risk management in the real world is not an easy endeavor. On one side, people use toilet seat covers thinking they do something; on the other side, millions of people smoke cigarettes, ignoring the empirical evidence of their danger. In Managing Risk and Information Security: Protect to Enable, author Malcolm Harkins deals with the inherent tension of information security – that between…

This document was retrieved from http://www.rsaconference.com/blogs on Tue, 21 Oct 2014 03:05:12 -0400.
© 2014 EMC Corporation. All rights reserved.