Blogs

Showing Blog Posts: 1–10 of 28 tagged IT

  • Treat Yourself to a SPA, Not a Pen Test

    by Rook Security on August 27, 2015

    A lot of companies are asked to do a pen test by their clients, because they think a pen test will let them know if their business partner’s technology is “secure” against cyber threats. The scan happens. The areas that need to be fixed are fixed. And the client feels warm and fuzzy inside. However, this feeling is misleading as the company isn't necessarily more secure— all it says is that you…

  • Security Metrics to Drive Change

    by Tony Bradley on August 24, 2015

    What’s the point, really? You've dedicated terabytes of storage to capture insane volumes of log data, but for what? Yes, you can distill the highlights which make you look good and drop them in your reports. Be warned that those types of vanity metrics don’t provide any real value. Use the right security metrics in the right way, and you can clearly illustrate the issues. And that's how you…

  • What Black Hat and the NFL Have in Common: Strategy

    by Eric Cowperthwaite on August 19, 2015

    This time of year is a merging of two of my favorite things, Hacker Summer Camp aka BSidesLV, Black Hat and DefCon, and the beginning of the football season. On the surface it might not appear that these things have a lot in common. However, a bit deeper analysis tells us that the strategies employed by your security team and your favorite football team revolve around many of the same principles…

  • Change Your Gears

    by Securosis Team on August 17, 2015

    I'm a cyclist. Not necessarily a very good one, but I can hold my own in the middle of the pack. On group rides you always have the person who locks into a gear and sticks with it. Their pedaling cadence slows on hills, speeds up on inclines, and they don't really shift a lot. It isn't overly efficient, especially compared to the pro-level riders who keep a constant cadence and work the shifter…

  • Peers Discuss Partner Security

    by RSAC Contributor on July 31, 2015

    Ken Morrison, principal of IT consultancy Morrison Consulting, led security and risk professionals in a discussion about outsourcing as part of the Peer-to-Peer discussion at RSA Conference 2015 in San Francisco. Below are Morrison's notes from the session. Outsourcing to global partners is a regular activity by companies seeking to leverage their resources. Our session, Who’s invited to Your…

  • Security Program Governance, Application Security Domains

    by RSAC Contributor on July 28, 2015

    This is the last in a three-part series on IT security from Forsythe Technology. This post looks at governance and application security. Previous posts covered core infrastructure and threat and vulnerability management and data protection and identity and access management. Innovating Your Security Mindset In the previous post, I talked about the role data protection and identity and access…

  • Data Protection and Identity and Access Management Domains

    by RSAC Contributor on July 24, 2015

    This is the second in a three-part series on IT security from Forsythe Technology. This post looks at data protection and identity and access management. Other posts covered core infrastructure and threat and vulnerability management and governance and application security. Your Data Has Left the Building: Are You Protecting It? In the previous post, I talked about the current role of perimeter and…

  • Mobile Security Start Up SODA Wins Innovation Sandbox Contest at RSAC APJ

    by Fahmida Y. Rashid on July 23, 2015

    Singapore-based startup Soda won the most innovative start up crown at the conclusion of the RSA Conference Asia Pacific & Japan 2015 Innovation Sandbox Most Innovative Start Up competition on Tuesday. The competition was a precursor to the actual conference, which officially began Wednesday. Soda provides security infrastructure for mobile communications, offering encryption via a software layer…

  • Security 2.0: Survival in the New Threatscape

    by RSAC Contributor on July 20, 2015

    This is the first in a three-part series on IT security from Forsythe Technology. This post looks at core infrastructure and threat and vulnerability management. Security breaches are inevitable. Organizations need to shift from aging mindsets and predictable tools to comprehensive prevention, detection and response capabilities in order to neutralize potential damage. In this blog series, …

  • Collecting Security Metrics and What They Mean

    by Fahmida Y. Rashid on July 1, 2015

    Perhaps you are in the middle of a security rollout, or have new security initiatives in place. How do you know your project is successful? How do you identify problem spots, the areas which need fine-tuning or modifications? Simply put, what metrics do you have in place to help you understand the project's effectiveness? Measurements aren't supposed to be easy. Threats change on a regular basis, …

This document was retrieved from http://www.rsaconference.com/blogs on Tue, 01 Sep 2015 08:08:53 -0400.