Blogs: Security Reading Room

  • The Security Reading Room: The Best Information Security Books of 2016

    by Ben Rothke on February 5, 2017

    There were a lot of good information security books that came out in 2016, and many that were not worth reading. With that, here’s my list of the information security books that stand out as the best, listed in no particular order: The Car Hacker's Handbook: A Guide for the Penetration Tester - plus ça change, plus c’est la même chose. Lots of features combined with poor security make cars the next big…

  • Ransomware: Defending Against Digital Extortion

    by Ben Rothke on January 11, 2017

    As an early piece of malware, the 1989 Yankee Doodle virus was limited to playing the patriotic song of the same name. Much has changed over the years, and the rise of ransomware is playing out a very different, and much less melodious, tone. Countless individuals and businesses of all sizes are being locked out of their own data and their systems made unavailable, until a ransom is paid to the ransomware…

  • Advanced Persistent Security: A Cyberwarfare Approach to Implementing Adaptive Enterprise Protection, Detection, and Reaction Strategies

    by Ben Rothke on December 29, 2016

    Advanced persistent threats (APT) have gotten significant amounts of press over the last few years. When I first scanned the title of this book, I assumed it was on that topic. While Advanced Persistent Security: A Cyberwarfare Approach to Implementing Adaptive Enterprise Protection, Detection, and Reaction Strategies (Syngress 978-0128093160) does detail APT, that’s not the main focus. The books…

  • Hiding Behind the Keyboard: Uncovering Covert Communication Methods with Forensic Analysis

    by Ben Rothke on December 18, 2016

    In chapter 2 of Hiding Behind the Keyboard: Uncovering Covert Communication Methods with Forensic Analysis (Syngress ISBN 978-0128033401), authors Brett Shavers and John Bair discuss the Tor browser and how it can offer tremendous levels of security and privacy. Their goal in the book is to help security professionals and investigators use investigative techniques against those employing such…

  • Secure Data Deletion

    by Ben Rothke on November 30, 2016

    The law of conservation of energy is that energy remains constant; it can be neither created nor destroyed. It simply transforms from one form to another. While not a perfect analogy, data on a hard drive or other physical media is quite difficult to completely transform to the state of fully erased. While many have lost files and been unsuccessful in retrieving them, for an information security…

  • DNS Security: Defending the Domain Name System

    by Ben Rothke on November 22, 2016

    That you are reading this review, and my ability to post it, are due in large part to the Domain Name System (DNS). DNS, as Wikipedia describes it, is a hierarchical decentralized naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most…

  • Hack-Proof Your Life Now! The New Cybersecurity Rules

    by Ben Rothke on November 2, 2016

    Far Side creator Gary Larson wrote that a high-school biology teacher once told him she showed her class a number of Far Side comics at the beginning of the school year and most of the students didn't get the humor. She said a goal of the class was that by the end of the year, they should have learned enough science to see the humor in the comics. Similarly, by the time a novice reader finishes …

  • Cybersecurity and Applied Mathematics

    by Ben Rothke on October 26, 2016

    Mathematics is an integral (no pun intended) part of information security and cryptography. The RSA cryptosystem is one of many examples—its foundation is based on mathematics. The core security of RSA is based on the practical difficulty of factoring the product of two very large prime numbers, known as the factoring problem. In elliptic curve cryptography (ECC), its security is based on the…

  • Information Security Policies, Procedures, and Standards: A Practitioner's Reference

    by Ben Rothke on October 13, 2016

    Security policies are like fiber (the kind you eat, not the telco type). Everyone agrees they are important, but often don’t want to deal with them. Most organizations eventually realize there comes a time that they are forced to tame the beast known as information security policies. They are often forced into this when they get requests for a 3rd-party audit, PCI DSS compliance, visit from the…

  • Obfuscation: A User's Guide for Privacy and Protest

    by Ben Rothke on October 6, 2016

    Certain things in life just don't mix. When it comes to personal privacy, using Amazon and Facebook simultaneously is perhaps an example of a potentially dangerous privacy mix. With each site tracking your every search and click, it doesn’t take long until these merchants have a detailed dossier on your on-line habits. That's in addition to profiting off your personal buying habits. This is what…

This document was retrieved from http://www.rsaconference.com/blogs on Fri, 24 Mar 2017 06:07:57 -0400.
© 2017 EMC Corporation. All rights reserved.