RSA Security Blog: A Blog for Security Professiona

The RSA Security Blog, Speaking of Security, features a group of experts, each of whom has knowledge and interest in different areas of the industry: research, developer solutions, engineering and government policy. A Security Blog for anyone seriou
Articles

Speaking of Security Podcast #155
2009-07-22 02:00:00
RSA announces the availability of a software token for iPhone devices. Hear about it on a Special Edition of the Speaking of Security podcast.
More About: Podcast
Putting the "I" in Information (and in Internet, RSA SecurID, and iPhone)
2009-07-22 02:00:00
I recall when Generation X was the “Me” generation, but I think that title was a little premature.  In fact, it might be that Generation Y and the ones that follow will be more empowered than good old Gen X ever was. Generation Y is really the “I” generation, so as long as you pronounce “Y” like “eye” we should be fine. 
More About: Internet , Information , Iphone , Putting
Speaking of Security Podcast #154
2009-07-20 02:00:00
RSA Conference Europe is approaching fast. The Speaking of Security podcast presents an overview of the event, including early-bird registration information.
More About: Podcast
XMLDsig flaw and the case for vendor collaboration on security vulnerabilit
2009-07-14 02:00:00
Today, the U.S. CERT published an advisory (VU#466161; CVE-2009-0217) reviewing how the support for HMAC truncation by XMLDsig can lead to an authentication bypass. While the advisory needs to be taken seriously to address potential vulnerabilities in applications that require message authentication and integrity, I wanted to write some of my thoughts about its impact and also how vendor collaboration on this issue led us to create an effective and timely remediation strategy for EMC and RSA customers.
More About: Security , Case , Collaboration
Speaking of Security Podcast #153
2009-07-13 02:00:00
Derek Brink from Aberdeen Group joins us on the Speaking of Security podcast to discuss building a cost-based case for Data Protection.
More About: Podcast
An Opportunity to Influence the Art of Secure Software Development
2009-07-08 02:00:00
Until the end of July, all who have a passion for software assurance can turn their passion into an opportunity to influence the content of one of the foremost reference documents on the topic.
More About: Software , Software Development , Development , Opportunity , Influence
A Paradigm Shift in Protecting Cardholder Data?
2009-07-07 02:00:00
Lately, many customers have asked about their options for meeting PCI’s data protection requirements. While encryption and key management are the most widely adopted technologies – and continue to be the preferred solution for most - I’ve seen a major increase in the number of organizations interested in using a token (or alias) as a substitute for storing real credit card numbers in their environment.
More About: Data , Shift
Speaking of Security Podcast #152
2009-07-06 02:00:00
This week's Speaking of Security podcast tackles the topic of Virtualization, with Sam Curry, VP of Product Management for RSA.
More About: Podcast
Security When Things Go 'Boom' Part III - Returning to Normal
2009-07-01 02:00:00
OK, we're in the home stretch - this is the final entry in my 'Security and Disaster Recovery' series. So far we've covered security incidents as disasters, DR for security controls and the security of your DR environment. The last area of consideration is what happens when you need to return to normal operations. The disaster has occurred, you've successfully moved to your DR environment, and things have been humming along. Now the damage to your primary site has been repaired and you're ready to move back - how does this impact security?
More About: Part , Things , Boom
The Birth of the Virtual Datacenter Administrator
2009-07-01 02:00:00
I recently spoke at a VMware user group conference about securing virtualization. The audience comprised datacenter administrators and managers who are at the center of their organization's virtualization initiatives.  I was fortunate to be able to talk with several of them at length about their experiences in virtualizing datacenters.  There are several trends to note.
More About: Virtual , Birth , Administrator
The expanding complexity of 'insiders': what you need to take into account
2009-06-30 02:00:00
At the April 2009 RSA Conference, over 500 speakers discussed the most pressing information security issues organizations face today. I was very interested to hear the Carnegie Mellon University Software Engineering Institute (SEI) talking about best practices for mitigating insider threat. (As discussed in my previous blog, this is the aspect of insider risk dealing with insiders who deliberately exploit security vulnerabilities to cause harm or for personal gain.)
More About: Insiders , Account
ISO-ish
2009-06-25 02:00:00
The conversation develops with such consistency and regularity I've begun to wonder why I still ask. But I do. Without fail, at every customer I meet I utter the question "do you use any frameworks to help with your governance, risk, and compliance?"
Insider risk and insider threat: what's the difference and why does it matt
2009-06-23 02:00:00
What does the term 'insider risk' mean to you? Does it make you think about employees sabotaging systems, or stealing confidential information for their own benefit?
More About: Risk , Matt , Difference , Insider
Speaking of Security Podcast #151
2009-06-22 02:00:00
Roland Cloutier, VP and CSO of EMC joins us on this week's Speaking of Security podcast.
More About: Podcast
Security When Things Go 'Boom' Part II - Securing Your DR Environment
2009-06-18 02:00:00
Sorry for the delay in updating my blog - for some reason Q2 seems to be the event season, and we've been pretty busy here at RSA supporting HIMSS, RSA Conference, MS TechEd, EMC World and a bunch of other events. Anyway, it's time to continue our discussion of the relationships between security and disaster recovery. In this entry we'll take a look at what needs to be considered to ensure your DR environment itself remains secure.
More About: Security , Environment , Part , Things , Boom
The more things change the more they seem to stay the same. When are we goi
2009-06-11 02:00:00
Recently there has been a lot of chatter about how security teams need to get out ahead of the latest technology advances. There is talk about how cloud computing and virtualization are going to take business to new levels and enable new relationships. On top of this social networking is finding its way into the business environment and raising concern that with mounting financial pressures businesses won’t be prepared to address the increased risks these technologies introduce.
More About: Change , Things , Stay
The Security Apartheid: The beginning of the end?
2009-06-09 02:00:00
Security has been notably absent from earlier evolutions in the computing industry. For long, the industry has evolved through two parallel universes: 1) The IT infrastructure universe creating innovative techniques to compute, communicate and store information with little to no security consideration and 2) the IT security universe trying to solve the security problems newly created by IT innovators.
More About: Security , The Beginning of the End
Speaking of Security Podcast #150
2009-06-09 02:00:00
This week marks the 150th edition of the Speaking of Security podcast. We discuss the recent release of President Obama's 60-day cyber security review and the creation of a "cyber coordinator" position in his administration. We also have news on the 2009 Gartner Magic Quadrant for Security Information and Event Management. RSA/EMC is positioned in the leader's quadrant for the sixth consecutive year.
More About: Podcast
The Security-aware Cloud
2009-06-05 02:00:00
To build security into the IT infrastructure demands much more than secure software. It is also about having the IT infrastructure products deliver intrinsic security value as a core capability of the product and fully integrated in terms of management and enforcement with the other non-security related capabilities of that product.
More About: Security , Cloud , Aware
PCI Certified Products???
2009-06-02 02:00:00
Recently, I’ve been receiving inquiries from customers, asking if a certain product is PCI DSS “compliant,” “certified,” or “validated”.
More About: Products
Generational Conflict, Security and an "Information Bill of Rights"
2009-06-01 02:00:00
In my college days, I would go into the wonderful old mills of UMass Lowell.  I remember seeing signs on the walls that were old and, I suppose, historical pieces.  One of them always struck me: it said “no singing, eating or dancing.”
More About: Security , Information , Rights , Conflict , Bill of Rights
There Is No Spoon
2009-05-26 02:00:00
Over the last 12 months we’ve been hearing more and more from our customers about Governance, Risk, and Compliance (commonly known under the acronym “GRC”). Sam Curry began to dive into the subject with his blog entry Will the Real GRC Please Stand Up? and did a great job of summarizing the emerging attitudes from some of the market analysts.
More About: Spoon
Speaking of Security Podcast #149
2009-05-26 02:00:00
(11:05) This week's Speaking of Security podcast features a discussion on securing personally identifiable information with Jon Oltsik, Principal Analyst for Enterprise Strategy Group.
More About: Podcast
Nothing Can Come of Nothing
2009-05-22 02:00:00
Two things amuse me when they are misunderstood in security, and they really are axioms of the industry.  Folks involved in security should know and think about these two principles, and part of me is putting this out there in the hope that folks will take issue with this!
Little Orange Line – Breaking Out of the Zero Sum Security Curve
2009-05-20 02:00:00
I went to Courion’s Converge conference, where they bring their customers together to share wisdom around Identity Management and tips-and-tricks and the like – this is a lot like the early spirit of the EMC World and in fact like many user groups. 
More About: Security , Orange , Curve , Line , Breaking
Conspiracy Theory
2009-05-20 02:00:00
Don't you just love conspiracy theories? Here's a new one for you. April 21, 2009: F35 Fighter Jet Program Breached The Wall Street Journal reported a data breach in the F35 Joint Strike Fighter Jet program. According to the report, someone allegedly hacked into one of the program's databases – perhaps run by a third party involved in the project – and siphoned off an unknown amount of sensitive information. The breach was apparently in an area connected to the Internet and databases segregated from the Web were not affected.
More About: Theory , Conspiracy , Conspiracy Theory
Speaking of Security Podcast #148
2009-05-18 02:00:00
(7:15) This week's Speaking of Security podcast features a topical discussion on business continuity planning. Recent global concerns regarding a potential Swine Flu pandemic have organizations looking at possible operational and business disruptions. Sam Curry, VP of Product Management for RSA is our guest.
More About: Podcast
A Security Engineering Training Framework
2009-05-12 02:00:00
If there is one topic on which most security practitioners agree, it is the fact that employee training must be part of your organization’s security strategy.
More About: Security , Engineering , Training , Framework
Speaking of Security Podcast #147
2009-05-11 02:00:00
(14:00) This week's Speaking of Security podcast presents a lively conversation with Shannon Kellogg, Director of Information Security Policy for EMC's Office of Government Relations on security related activity in Washington, DC.
More About: Podcast
Ground-Up SharePoint Governance
2009-05-11 02:00:00
In case you hadn't noticed, SharePoint is everywhere (a bit like pig flu hysteria).  It's a great success story for Microsoft, and the release of MOSS 2007 added a ton of features that inspired businesses to either roll out the platform or upgrade.  Once SharePoint is made available, there is no turning back... good luck wrestling a site out of the hands of a department that's come to rely on it.
More About: Ground , Governance , Sharepoint