
  • What Do Companies Expect From a CISO?

    by Tony Bradley on September 15, 2015

    The role of CISO is an important one. It must be. It has Chief right in the title. The question, though, is what exactly does a company expect a CISO to do? You can’t meet or manage expectations if you don’t know what they are, and there’s a good chance you won’t keep your CISO job very long if you can’t meet expectations. A CISO is responsible for securing and protecting information assets but…

  • Taking Responsibility for Information Security

    by Tony Bradley on September 9, 2015

    It’s impossible for any one person to manage every aspect of securing the network, endpoints and data of an entire organization. The top of the security chain of command in most cases is the Chief Information Security Officer, though, so ultimately that responsibility falls on the shoulders of the CISO. Security is everyone’s job. Each and every employee within a company has to have some basic…

  • InfoSec People Are Doing It For Themselves

    by RSAC Contributor on September 8, 2015

    I founded Peerlyst as a no-spin zone where the information security community can share real-world experience, coming up with solutions to common (and not-so-common) problems. To my delight, that’s exactly what’s been happening—and we announced an exciting milestone earlier this month. PeerSource Budget is a crowdsourced tool that gives InfoSec professionals powerful new capabilities for…

  • Criminals Use CEO Emails to Target Companies

    by RSAC Contributor on September 3, 2015

    That email from the CEO in your inbox may not be real. Stop and pick up the phone to make sure it's legitimate before you take action. The FBI said cybercriminals stole nearly $750 million from more than 7,000 companies in the United States between October 2013 and August 2015. When you include international victims, total losses from business-to-email attacks exceed $1.2 billion. Attackers, …

  • VC CyberInvestment Landscape is White-Hot

    by RSAC Contributor on September 2, 2015

    This post on security investment trends comes from Alberto Yépez, managing director of venture capital firm Trident Capital Cybersecurity. Cybersecurity is an incredibly important investment arena for venture capitalists. There are two things to note: Experts estimate cyberattacks result in a $100 billion annual loss in the U.S. economy. And while cybersecurity spending is growing, it remains a…

  • Forget IoT. Your Antivirus is under Heavy Fire

    by RSAC Contributor on September 1, 2015

    This post comes from Bogdan Botezatu, a security researcher with BitDefender. While the general public awaits the IoT apocalypse, the rest of us know the real threat actually runs much deeper. Highly skilled and extremely well financed computer experts are targeting the apex link in the security ecosystem: the anti-malware vendor itself. Recent revelations have shown the National Security Agency…

  • Five Ways Security Metrics Do More Harm Than Good

    by Tony Bradley on August 31, 2015

    There is no shortage of data out there. Virtually everything with a power source is logging events and churning out data almost constantly—including all of your security tools. That data—your security metrics—can uncover valuable truths about your security posture if used and analyzed properly, but it can also be very misleading or completely useless. Aaron Levenstein is credited with this little …

  • Introduction to Social Media Investigation

    by Ben Rothke on August 28, 2015

    Had you Googled social media investigation a decade ago, you would have gotten a handful of responses. Today, it has become a key part of law enforcement, family law and more. Social media played predominantly in the terrible murder last week of journalists Alison Parker and Adam Ward. Law enforcement pored over the social media profiles of the perpetrator. In Introduction to Social Media…

  • Treat Yourself to a SPA, Not a Pen Test

    by Rook Security on August 27, 2015

    A lot of companies are asked to do a pen test by their clients, because they think a pen test will let them know if their business partner’s technology is “secure” against cyber threats. The scan happens. The areas that need to be fixed are fixed. And the client feels warm and fuzzy inside. However, this feeling is misleading as the company isn't necessarily more secure—all it says is that you…

  • Security Metrics to Drive Change

    by Tony Bradley on August 24, 2015

    What’s the point, really? You've dedicated terabytes of storage to capture insane volumes of log data, but for what? Yes, you can distill the highlights which make you look good and drop them in your reports. Be warned that those types of vanity metrics don’t provide any real value. Use the right security metrics in the right way, and you can clearly illustrate the issues. And that's how you…

This document was retrieved from on Sat, 28 Nov 2015 00:53:18 -0500.
© 2015 EMC Corporation. All rights reserved.