Blogs: Security Reading Room

  • Secure Data Deletion

    by Ben Rothke on November 30, 2016

    The law of conservation of energy is that energy remains constant; it can be neither created nor destroyed. It simply transforms from one form to another. While not a perfect analogy, data on a hard drive or other physical media is quite difficult to completely transform to the state of fully erased. While many have lost files and been unsuccessful in retrieving them, for an information security…

  • DNS Security: Defending the Domain Name System

    by Ben Rothke on November 22, 2016

    That you are reading this review, and my ability to post it, are due in large part to the Domain Name System (DNS). DNS, as Wikipedia describes it, is a hierarchical decentralized naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most…

  • Hack-Proof Your Life Now! The New Cybersecurity Rules

    by Ben Rothke on November 2, 2016

    Far Side creator Gary Larson wrote that a high-school biology teacher once told him she showed her class a number of Far Side comics at the beginning of the school year and most of the students didn't get the humor. She said a goal of the class was that by the end of the year, they should have learned enough science to see the humor in the comics. Similarly, by the time a novice reader finishes …

  • Cybersecurity and Applied Mathematics

    by Ben Rothke on October 26, 2016

    Mathematics is an integral (no pun intended) part of information security and cryptography. The RSA cryptosystem is one of many examples—its foundation is based on mathematics. The core security of RSA is based on the practical difficulty of factoring the product of two very large prime numbers, known as the factoring problem. In elliptic curve cryptography (ECC), its security is based on the…

  • Information Security Policies, Procedures, and Standards: A Practitioner's Reference

    by Ben Rothke on October 13, 2016

    Security policies are like fiber (the kind you eat, not the telco type). Everyone agrees they are important, but often don’t want to deal with them. Most organizations eventually realize there comes a time that they are forced to tame the beast known as information security policies. They are often forced into this when they get requests for a 3rd-party audit, PCI DSS compliance, visit from the…

  • Obfuscation: A User's Guide for Privacy and Protest

    by Ben Rothke on October 6, 2016

    Certain things in life just don't mix. When it comes to personal privacy, using Amazon and Facebook simultaneously is perhaps an example of a potentially dangerous privacy mix. With each site tracking your every search and click, it doesn’t take long until these merchants have a detailed dossier on your on-line habits. That's in addition to profiting off your personal buying habits. This is what…

  • Cyber-Physical Attack Recovery Procedures: A Step-by-Step Preparation and Response Guide

    by Ben Rothke on September 25, 2016

    Dr. Karyn Hall wrote The Emotionally Sensitive Person: Finding Peace When Your Emotions Overwhelm You to help such people identify emotional triggers, and to develop a strong and healthy identity without becoming upset. When it comes to the world of building equipment, while these systems look tough and resilient on the outside, they are often quite sensitive and vulnerable. In Cyber-Physical…

  • Bitcoin and Cryptocurrency Technologies: A Comprehensive Introduction

    by Ben Rothke on September 6, 2016

    Bitcoin is a topic that evokes a sort of whodunit to many people. Created by an international man of mystery named Satoshi Nakamoto, it leads many to think this is a protocol that lends itself to a John Grisham novel. Many even think Bitcoin is a government conspiracy. But none of that could be further from the truth. As an introduction, Bitcoin is a digital currency and payment system created by…

  • Infrastructure as Code: Managing Servers in the Cloud

    by Ben Rothke on August 19, 2016

    Many organizations have entered the world of cloud services, only to find it is not the panacea that they were led to believe it would be. For example, while it’s relatively easy to spin up new servers in AWS (Amazon Web Services), managing those servers once they are operational is not such an easy endeavor. In Infrastructure as Code: Managing Servers in the Cloud (O'Reilly Media ISBN-10:…

  • Insider Threat: Prevention, Detection, Mitigation, and Deterrence

    by Ben Rothke on August 1, 2016

    Insider threats have been the bane of organizations from time immemorial. When it comes to data threats, for over a decade, the CERT Insider Threat Center has been dedicated to combatting cybersecurity insider threats. Their scientific-based research is the gold standard on the topic. In the newly released Insider Threat: Prevention, Detection, Mitigation, and Deterrence (Butterworth-Heinemann ISBN…

This document was retrieved from https://www.rsaconference.com/blogs on Sun, 04 Dec 2016 07:13:18 -0500.
© 2016 EMC Corporation. All rights reserved.