Menu

Blogs

  • Security By Any Other Name

    by Wendy Nather on May 21, 2015

    Leading image

    If you went up to a pharmacist and said, “Hi, I need something to cure a case of the APTs,” what do you think she would recommend? A big issue with the security industry has to deal with the way we market and describe security technology. It used to be that products were described by functionality, with point features that were well understood: firewall, anti-virus, anti-spam, web filter, log management, and so on. Things became one layer removed when marketing trotted out the term…

  • Intellectual Property Theft: The Insider

    by Christopher Burgess on May 20, 2015

    If you are responsible for protecting your company from the risk of a trusted insider stealing intellectual property, consider packing a lunch because it's going to be a bit of a journey. Intellectual property (IP) means different things to different people. And far too many believe they don’t have access to the company's IP, and therefore are not responsible for protecting it. First, …

  • The Terrorists of Iraq: Inside the Strategy and Tactics of the Iraq Insurgency 2003-2014

    by Ben Rothke on May 18, 2015

    The infinite monkey theorem states that a monkey hitting random typewriter keys for an infinite amount of time will eventually be able to create the complete works of Shakespeare. Various scientists such as Nobel laureate Arno Penzias have shown how the theorem is mathematically impossible. Using that metaphor, if you took every member of United States Congress and House of Representatives and…

  • What's Next in Our Security Conversation

    by Fahmida Y. Rashid on May 18, 2015

    There were a lot of interesting conversations at RSA Conference last month. With everyone back home and back to the pressures of the daily job, what happens next? Where does all that energy and excitement go? Hopefully, it is being channeled into informal conversations and new initiatives. One of the key themes was that security is broken and it needs to change. Every company needs a holistic…

  • CSA Guide to Cloud Computing: Implementing Cloud Privacy and Security

    by Ben Rothke on May 16, 2015

    Full disclosure: this book is sponsored by the Cloud Security Alliance of which I am a founding member. I am also friends with 2 of the authors. Even though cloud computing is mainstream such that even the Federal Government is on board; it’s not necessarily so that it will always make computing cheaper and faster. And all the more so when it comes to security and privacy. The challenge is how to…

  • SANS NetWars at RSAC 2015

    by Fahmida Y. Rashid on May 15, 2015

    SANS Institute brought its NetWars competition to RSA Conference 2015 in San Francisco. A hands-on, interactive learning environment, SANS NetWars lets information security professionals develop and master skills they need in their jobs. The program focuses on developing skills in vulnerability assessment, system hardening, malware analysis, digital forensics, incident response, packet analysis, …

  • Mining Your Banking Data Gold Mine

    by Dale "Woody" Wooden on May 14, 2015

    Dale "Woody" Wooden illustrates security concepts through stories. His past posts discussed how attackers mine employees' social media accounts for information and how social media can be used against you. This story is about companies asking for way too much information about your business. Would you give up all your itemized bank statements to a third party? Hand over information about…

  • Today’s Attack Mode Mindset to Pen Testing

    by Eric Cowperthwaite on May 13, 2015

    Let’s start off by getting on the same page about what a penetration test is. The goal is generally to provide or your management team with an evaluation and snapshot of the organization’s security posture at a specified time. The actual testing involves mimicking what real attackers do, usually by leveraging a chain of vulnerabilities (i.e. attack path) in an attempt to reach critical assets. …

  • Transforming Security into THE Business Enabler

    by Rook Security on May 11, 2015

    When I began my security career, shortly after the Y2K scare, there were many conversations about security as a roadblock. “Can’t do that ‘cause security won’t let us!” Most of the time security had the best interest of the company in mind, but other times it was because security professionals didn’t always understand the business objective. Silos existed in IT, IT Security, Business, and…

  • Lessons Learned at RSAC 2015

    by Tony Kontzer on May 5, 2015

    Now that the curtain has fallen on the RSA Conference 2015, San Francisco edition, what have you learned? I can't speak for anyone else, but I returned from RSAC with a number of things bouncing around my head. For instance, right out of the gate, we learned that Amit Yoran is an energetic and forceful speaker who will carry the RSA Conference keynote torch with great aplomb. Yoran took the stage…

  • Next Stop for the CISO: The Office of the CIRO?

    by Tony Kontzer on May 4, 2015

    As if CISOs didn't have enough to worry about already, now we are hearing they should be seriously considering acquiring the skills they need to become the chief information risk officer. Few organizations today have a CIRO, but if the scuttlebutt at the recently concluded RSA Conference is to be believed, they will soon, and CISOs are the logical choices to fill that role. It's reasonable to…

This document was retrieved from http://www.rsaconference.com/blogs on Wed, 27 May 2015 07:38:05 -0400.
© 2015 EMC Corporation. All rights reserved.