Blogs

  • Targeted Cyber Attacks: Multi-staged Attacks Driven by Exploits and Malware

    by Ben Rothke on September 22, 2014

    Targeted cyber attacks are for the most part the same as an APT (advanced persistent threat). It was last year’s report on APT1 from Mandiant that brought this important information security topic to the forefront. In Targeted Cyber Attacks: Multi-staged Attacks Driven by Exploits and Malware, authors Aditya Sood and Richard Enbody write that there are a few different definitions of what a…

  • Data Privacy in the 21st Century

    by Robert Moskowitz on September 18, 2014

    Privacy impacts both the quality of life and business success. In today's highly automated and digitized world, the concept of "privacy" effectively boils down to data privacy. Simply put, you want to be able to keep certain information from being shared (voluntarily or involuntarily) with others. Although the word "privacy" does not appear in the United States Constitution, the Supreme Court has…

  • Mythbusters: RSAC Edition Part 2

    by Britta Glade on September 17, 2014

    In our last post we looked at RSA Conference myths that typically get associated with our call for submissions process. Here are a few more bubbles we’re more than happy to burst! Myth: RSAC Covers the Same Topics Every Year; Topics are Never Technical in Nature Although RSA Conference focuses primarily on the business of security, we do have technical tracks at our events. Our goal is to help our…

  • Compliance is Not Supposed to be Security

    by Fahmida Y. Rashid on September 17, 2014

    With all the high-profile data breaches at major retailers over the past few months, it’s really tempting to write off PCI DSS as being ineffective. It’s clearly not working, since the security standard clearly didn’t protect these companies from attack. Then again, perhaps we are looking at the standard all wrong. Businesses—and often auditors—measure their security effectiveness against PCI DSS…

  • The Once and Future Network Security Appliance

    by John Linkous on September 16, 2014

    In the early 2000s, the network security appliance became ubiquitous. Beginning with Web application firewalls (WAFs), and eventually extending through all seven layers of the network model, security appliances were being popped into server racks like candy. "Need to filter spam? There's an appliance for that!" "Do you want to analyze the flow data generated on your firewalls? There's an…

  • 3 Reasons to Consider a Managed Security Services Partner

    by Christopher Burgess on September 11, 2014

    Companies are generally cataloged as small, medium, or large. But size does not matter to a cybercriminal or an unethical competitor, who view companies as either soft and vulnerable, or hardened and difficult. Companies need to determine what level of "hardness" they need to achieve, and whether they want to build it themselves, partner with a managed security services entity, or a little of…

  • Mythbusters: RSAC Edition Part 1

    by Britta Glade on September 10, 2014

    The only thing people like more than a myth is separating fact from fiction. We all know some of the more famous myths: the explosive combination of soda and Pop Rocks candy will kill you, alligators roam the sewers of New York City and Walt Disney had himself cryogenically frozen. That said, you don’t have to be Jamie Hyneman or Adam Savage to bust the myths surrounding RSA Conference’s Call for…

  • Security Audit: The Pitfalls of Third-Party Assessments

    by John Linkous on September 9, 2014

    Everyone is aware of last year’s data breach at Target. Millions of records of cardholder data were stolen and Target is still recovering, with current costs at $148 million. What's not well-known, or openly discussed, is the behind-the-scenes conversations the company has had with its PCI assessor and the standards organization. The PCI Security Standards Council (SSC), consisting of major credit…

  • Architecting the Cloud: Design Decisions for Cloud Computing Service Models

    by Ben Rothke on September 8, 2014

    Most books about cloud computing are either extremely high-level quasi-marketing tomes (sometimes written by cloud vendors) about the myriad benefits of the cloud without any understanding of how to practically implement the technology under discussion. The other type of cloud books are highly technical reference guides that provide technical details, but for a limited audience. In Architecting…

  • Thinking About Compliance in September

    by Fahmida Y. Rashid on September 5, 2014

    Compliance is one of those never-ending things. If the organization is not in the middle of an audit, then it is either reviewing its results or preparing for an upcoming one. That isn’t a bad thing, since the point is to be always compliant, not just sometimes. Unfortunately, compliance has a bad reputation because those regulatory activities can be so time-consuming. It may be frustrating to…

This document was retrieved from http://www.rsaconference.com/blogs on Fri, 28 Nov 2014 13:02:25 -0500.
© 2014 EMC Corporation. All rights reserved.