In light of recent news that the FBI arrested another NSA contractor for allegedly stealing state secrets in August, we sat down with insider threat expert Dawn Cappelli, Vice President and Chief Information Security Officer at Rockwell Automation, to talk about what businesses can do to combat malicious insider activity. RSAC: What are the different types of insider threats companies need to be…
When it comes to Edward Snowden, the question has often been posed as: is he a patriot or a traitor? In The War on Leakers: National Security and American Democracy, from Eugene V. Debs to Edward Snowden (The New Press 1620970635), author Lloyd Gardner, professor emeritus of history at Rutgers University, has written a fascinating work showing that the question of leakers and whistleblowers is…
The good thing about encryption is that it can make your data virtually impossible to be read by anyone except those you allow. The bad thing about encryption is that it’s relatively easy to do wrong. And in many cases, people have made configuration errors such that they have locked themselves out of their own data. In Encryption Made Simple for Lawyers (American Bar Association - 978-16342505…
We're all familiar with the attacker versus defender dynamic, and how it plays out culturally in the security industry -- just say the word "cyber" and see who winces, for example. But it all used to stay "in the family," where red and blue team activities were confined to security professionals, either within security vendor companies or within organizations that had their own security staff. …
Devices provide imperfect information security protection, even if they are considered acceptable for purposes of satisfying a legal obligation to follow industry security standards. An advanced warning system that predicts the likelihood of cyber attack may ultimately be more effective and less costly if well designed and executed. Private organizations have tremendous technical capacity to…
By all means, you should try to attend at least one Peer-2-Peer session while at RSA Conference this year. These sessions let you dig into a specific security topic you care about with your industry peers. It is a great opportunity to learn what other people are doing and walk away with new ideas. Wondering which conversation will be the most relevant to your job role and concerns? We asked each…
A firm can spend decades building a brand into one that inspires trust. Unfortunately, social media can quickly destroy that trust in an instant. In Social Media Security: Leveraging Social Networking While Mitigating Risk, author Michael Cross provides a comprehensive overview of the security and privacy risks around social media. The book lives up to its title and effectively shows the reader…
The President’s State of the Union address Tuesday night addressed Information Security for the second time in three years. Two years ago, in 112 words, the President announced the NIST Framework, increased information sharing through executive action, and called for the nation to “face the rapidly growing threat from cyber-attacks.” The threat then was theft of corporate secrets and “real threats…
The U.S. government launched a major law enforcement project, the National Data Exchange (N-DEx), in March 2008 to facilitate cases, criminal information, and available evidence among cooperating agencies. It's 2014, and the project is languishing. N-DEx was designed as an information repository that federal, state, and local law enforcement could tap for a variety of purposes, with the basic idea…
One of my favorite quotes—attributed to either Admiral Grace Hopper or computer science professor Andy Tanenbaum—goes something like this: "The nice thing about standards is that there are so many to choose from." It’s true in the information security world, too. Standards, Standards Everywhere! Let’s first settle what we mean by security standards. There's no shortage of recommendations on how to…
This document was retrieved from http://www.rsaconference.com/blogs on Wed, 20 Feb 2019 16:36:01 -0500.