Blogs

Showing Blog Posts: 1–10 of 19 tagged IT

  • Collecting Security Metrics and What They Mean

    by Fahmida Y. Rashid on July 1, 2015

    Perhaps you are in the middle of a security rollout, or have new security initiatives in place. How do you know your project is successful? How do you identify problem spots, the areas which need fine-tuning or modifications? Simply put, what metrics do you have in place to help you understand the project's effectiveness? Measurements aren't supposed to be easy. Threats change on a regular basis, …

  • Out of the Shadows: Fear is the Real Cloud Threat

    by Danelle Au on June 15, 2015

    Shadow IT is a misnomer, and we need to stop pretending that so-called rogue software applications are going to bring down the enterprise. That kind of fear mongering is misleading and doesn’t help advance the cause of securing data in the cloud. In fact, it is more of a threat to the security of the cloud than the software it demonizes. The term Shadow IT was coined out of a vestigial, …

  • Is Defense in Depth Dead? Part 2: The Lesson of Babylon

    by Danelle Au on April 28, 2015

    A few weeks ago, when I asked, Is Defense in Depth Dead? I used the example of Dover Castle to illustrate the point that, as weapons and warfare change, defensive strategies must also evolve to meet new realities. Dover Castle and other fortresses offered their occupants centuries of effective protection—until the advent of gunpowder and cannon on the battlefields of medieval Europe. Which is not…

  • Give Boards Metrics They Can Actually Understand

    by Tony Kontzer on April 22, 2015

    Troy Braban was only half-joking with this slide he shared at the RSA Conference in San Francisco: "83.45% of metric presentations at 96.82% of security conferences suck." Fortunately for the more than 500 attendees who packed his session to hear about security metrics boards actually care about, Braban, the CISO of Australia Post, wasn't talking about himself. The problem most CISOs have in…

  • Breaking the Glass Firewall: Women in IT Security Panel

    by Tony Kontzer on April 20, 2015

    Despite notable progress in the acceptance and treatment of female IT security employees, the industry continues to struggle in establishing itself as a career track for women. During a panel discussion at the RSA Conference Monday, a few of the world's best-known female security executives made it clear that the challenges of yesteryear are dropping away, but that the industry still must do a…

  • RSA Conference Preview: Meet Your Guide

    by Tony Kontzer on April 20, 2015

    Hello, RSA Conference attendees. We probably haven't met before; my name is Tony, and I'll be one of your guides throughout this week. I am one of the contributors to the RSAC editorial team, and this year, we are going to take a different approach on how we cover the conference on the blog. This is a change for me, as in the past, I attended as a member of the technology media. As a journalist, …

  • Security Innovation is Live and Well, With Plenty of Room for More

    by Fahmida Y. Rashid on March 24, 2015

    Is innovation in information security dead? It's easy to think so when each day there is a new headline about yet another massive organization's data breach, or a new report points out that enterprises aren't taking care of the security basics. All while cyber-attackers are gleefully scooping up our private data and looting our bank accounts. These breaches aren't happening because organizations…

  • We Welcome Our New Automation Overlords

    by Securosis Team on February 5, 2015

    This post is by Rich Mogull, analyst and CEO of Securosis, an independent security research firm. I am inherently lazy. If I can come up with some new, automated way to solve a problem and save some time, I'll spend many hours more than it would take to knock it out manually on the off chance of some future time savings. But I understand I'm a bit unusual that way (and it is sometimes to my…

  • Getting the InfoSec Budget You Need

    by Fahmida Y. Rashid on October 1, 2014

    There is a tongue-in-cheek saying that goes something like this: How do security professionals get the security budget they want? Wait for a data breach. It's a sad state of affairs that there is a grain of truth to this poor joke. This month, we explore how security professionals can tackle budget planning for next year. Security spending as a percentage of the overall IT budget has remained…

  • Security Metrics: How Are You Measuring Security?

    by Joshua Marpet on August 12, 2014

    Do you have an information security practice? How do you measure its effectiveness? By the number of tickets generated? The number of viruses found and stamped out? Or by how quiet it is?—"If they don't bother me, they must be doing their job!" Have the security metrics guidelines changed in the last few years as infosec moved away from a helpdesk mentality, towards a penetration tester's…

This document was retrieved from http://www.rsaconference.com/blogs on Fri, 03 Jul 2015 21:46:22 -0400.
© 2015 EMC Corporation. All rights reserved.