Menu

Blogs

Showing Blog Posts: 21–30 of 662

  • Security Storage: To HSM or Not To HSM?

    by Joshua Marpet on November 18, 2014

    Information security storage is necessary; without it, how would Amazon know what it is selling or what product recommendations to make? How could it store the shopper’s credit card information to make purchases with a single click? While consumers would like to think their credit card information, purchase history, and other personalized data is stored securely, that is not always the case. …

  • The Human Element in the Data Breach

    by Christopher Burgess on November 17, 2014

    We are all familiar with the adage, "to err is human; to really foul things up requires a computer," which implies that the computer may be to blame for many data breach calamities. Alas, it appears the erring human is also culpable. Take, for example, the recent kerfuffle surrounding Apple's iCloud and the compromise of celebrity accounts containing salacious photos. After much slinging of…

  • Social Engineering 2.0: Old-Fashioned Targets, Cutting-Edge Techniques

    by John Linkous on November 14, 2014

    Back in 2006, a large company in Chicago contracted my company to conduct an advanced information security controls assessment. In addition to looking for technical vulnerabilities—unpatched servers, web app vulnerabilities, open ports that should be closed, and the like—we were also contracted to conduct a social engineering assessment. On the first day of our technical assessment, our team…

  • Source Code: The Last Frontier of Security Threats

    by John Linkous on November 13, 2014

    My consulting firm is increasingly receiving requests from customers to help them address what seems to be the last frontier of security analysis: source code. As an analyst, I have a lot of tools at my disposal for identifying problems in both compiled code and p-code. Security, after all, started out as a black box-oriented approach to figuring out answers to problems; we know what the specs of…

  • Are Security Teams Ready to Handle the End of Year Challenges?

    by Fahmida Y. Rashid on November 12, 2014

    While we continue with the budget discussion, it's important to think about some of the unique challenges present as we approach the end of the calendar year. There are various things security professionals need to do at this time of the year, and David Matthews discusses some of them on Nov. 20 in Incident Response: Are You Ready for the End of the Year? As the former director of incident…

  • Preventing Another Holiday Season Data Breach

    by Fahmida Y. Rashid on November 11, 2014

    Businesses—not just retailers—spend months developing plans for the holiday shopping season. Unfortunately, many of them haven't thought about security during those strategy sessions. "People have different mentalities when they look at the end of the year," says Chris Strand, senior director of compliance at Bit9. We've already listed some of the challenges associated with the end-of-the-year…

  • Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon

    by Ben Rothke on November 10, 2014

    A word to describe Takedown: The Pursuit and Capture of America's Most Wanted Computer Outlaw was hyperbole. While the general storyline from the 1996 book was accurate, filler was written that created the legend of Kevin Mitnick. This in turn makes the book a near work of historical fiction. Much has changed in nearly 20 years and Countdown to Zero Day: Stuxnet and the Launch of the World's First…

  • Critical Infrastructure Security Is Key to Homeland Security

    by Christopher Burgess on November 10, 2014

    The US Department of Homeland Security (DHS) is the model that most often comes to mind when broaching the subject of national security. The DHS takes critical role in the protection of its infrastructure—electric, water, gas, transport, etc. The DHS, via the US-CERT (Cyber Emergency Response Team), produces alerts, advisories, and reports that not only keep government clientele well informed, but…

  • The Bright Future of Mobile Payments

    by John Linkous on November 7, 2014

    Cashless payment for goods and services continues to evolve, and mobile payments are quickly becoming the battleground for new products and technologies that drive consumer and merchant convenience. Such payments ensure rapid payment for credit issuers and other constituents in the transaction chain. Some of these technologies are still evolving and represent truly revolutionary approaches, while…

  • The Evolution of Data Mining for Security Operations

    by John Linkous on November 6, 2014

    One of the more depressing pieces of information from Verizon's 2014 Data Breach Investigations Report is the fact that, over the past five years, the time difference between when a data breach occurs and when it is discovered has been on the rise. Yes, that's right: despite investing in countless security tools to detect security threats, we're actually getting worse at the job. This is largely…

This document was retrieved from http://www.rsaconference.com/blogs on Sat, 20 Dec 2014 17:17:39 -0500.
© 2014 EMC Corporation. All rights reserved.