
RSA Security Blog: A Blog for Security Professiona

The RSA Security Blog, Speaking of Security, features a group of experts, each of whom has knowledge and interest in different areas of the industry: research, developer solutions, engineering and government policy. A Security Blog for anyone seriou

Articles

Mr. President, it's Time to Make Cyber Security a National Priority
2009-05-11 02:00:00
It is vitally important to national security and economic security that President Barack Obama fulfills a pledge that he made on the campaign trail concerning the security of our nation’s information infrastructure. During the 2008 presidential campaign, Mr. Obama compared cyber security threats with other 21st century national security challenges such as biological and nuclear weapons. He said at the time that he would declare the country’s critical infrastructure a national asset and that he would appoint a cyber advisor that would report directly to him.
More About: Security , National , Time , Cyber
Will the Real GRC Please Stand Up?
2009-05-05 02:00:00
Ok – I have to say that I am getting pretty tired of GRC as an abused acronym. This is Governance, Risk and Compliance for the very few of you who haven't had the good fortune to see it actually spelled out; or "Grick" if you haven't had the opportunity of hearing someone pronounce an acronym without a vowel in it.  
More About: Real , Stand Up , Stand
Remote Access Critical in Contingency Planning
2009-05-04 02:00:00
I have seen an interesting phenomenon in the last 24 hours: a lot of folks are calling and asking for sudden, urgent help with remote access.  The cause is apparently related to Swine Flu, but the root cause is both a fear for real people in our companies and a concern about maintaining business functions in a time of doubt, worry and fear.
More About: Planning , Access , Remote Access , Remote
What is RSA Anyway?
2009-04-29 02:00:00
At the RSA Conference, I was asked a lot about what we “are” as the security division of EMC.  I think I’ve come up with a pretty clean and clear way to answer that in a few simple statements.
Speaking of Security Podcast #146
2009-04-28 02:00:00
Click to Download/Listen (8:37) On this week's podcast, Forrester's Rob Koplowitz talks about the growth of Microsoft SharePoint in enterprises and the importance of putting governance around SharePoint as the platform becomes more strategic to companies.
More About: Security , Podcast , Speaking
RSA Answers the Call To Arms
2009-04-27 02:00:00
In Art’s keynote last week at RSA Conference, he made a clear call to the industry. We have to be more organized, more coordinated and more collaborative than either the enemy or than the industry has a history of being. Art had three calls to action: Integrate and Interoperate; Create and Adopt Standards; Share Technology.
More About: Answers , Arms , Call
Who is the Man in the Middle?
2009-04-27 02:00:00
So, at RSA Conference, I think I met the actual Man-in-the-Middle. He was pretty tall and was smoking a cigar outside the Moscone center. He was hanging out with a sort of shady-looking guy with a nondescript accent, covered in tattoos. This man was the actual Man-in-the-Browser.
What do RSA's Announcements at Conference mean for Europe?
2009-04-23 02:00:00
RSA Conference in San Francisco is unusually “hot” this week. With temperatures reaching record highs outdoors, in the second of my posts from Conference, I thought I’d take shelter inside and consider the announcements delivered by RSA at the show, and specifically my thoughts on their impact for us over in EMEA.
More About: Europe
The Goby and the Shrimp
2009-04-23 02:00:00
What if virtualization makes security more effective and efficient? What if virtualization actually reduces the cost of security? The relationship between virtualization and security is indeed symbiotic. It reminds me of the endearing mutualism between the goby fish and the pistol shrimp.
More About: Shrimp
Learning lessons (at RSA Conference) the easy way
2009-04-22 02:00:00
On Monday April 20th, I had the pleasure of speaking at and taking part in two forums: "Harnessing the Power of Digital Identity: 2009 and the Promising Road Ahead" sponsored by Project Concordia and the Liberty Alliance, and the RSA Conference eFraudNetwork Forum.
More About: Learning , Easy , Lessons , Easy Way
PCI Compliance and Virtualization: Feedback from QSAs
2009-04-22 02:00:00
So the RSA Conference is off to great start.  It’s definitely one of my favorite times of the year given the tremendous amount of information security interest and expertise in one place.
More About: Virtualization , Feedback , Compliance
RSA Conference 2009: An EMEA Perspective
2009-04-22 02:00:00
Greetings from RSA Conference 2009 in San Francisco. As the only RSA blogger currently based in Europe, I’ve given myself the challenge of trying to use my blog to bring a EMEA perspective to the thoughts, themes and announcements from this year’s show.
More About: Perspective
Why is Risk-Based, Adaptive Authentication so Important in Providing Choice
2009-04-21 02:00:00
Consider two gunslingers – we’ve all seen this one on TV and in the movies.  One has his gun drawn, the other has a gun in his holster.  Some witty dialog ensues.  Eventually, the one with his gun in his holster goes for the draw…and gets shot and dies. 
More About: Risk , Choice , Authentication
The RSA Share Project: A Software Security Developer Community
2009-04-21 02:00:00
This week, RSA, the Security Division of EMC, launched the RSA Share Project --  an important milestone for those of us interested in advancing the adoption of security practices across the software developer community.  According to the press release, the project is “designed to bring world-class security tools within reach of corporate and independent software developers” and “features the launch of a new online community designed to provide support, answers and strategies from security experts as well as no-cost access to technology from RSA”.
More About: Software , Community , Developer
Speaking of Security Podcast #145
2009-04-21 02:00:00
Click to Download/Listen (7:06) The Speaking of Security Podcast is providing extensive coverage of RSA news during RSA Conference week. We will be presenting two podcasts. The first is an overview of all the product and solution announcements made by RSA this week. The second (featured here) is a podcast discussing an addition to the authentication solution portfolio.
Speaking of Security Podcast #144
2009-04-20 02:00:00
Click to Download/Listen (6:49) The Speaking of Security Podcast is providing extensive coverage of RSA news during RSA Conference week. We will be presenting two podcasts. The first (featured here) is an overview of all the product and solution announcements made by RSA this week. The second is a podcast discussing an addition to the authentication solution portfolio.
Tetraktys: A Cryptographic Thriller Novel
2009-04-20 02:00:00
My cryptographic thriller novel Tetraktys is slated for official release in July. My publisher is launching it this week, however, in a pre-release event at the RSA Conference.
More About: Thriller
The Downfall of Chao: Behind the Scenes of an Online Fraudster's Arrest
2009-04-20 02:00:00
When Chao was arrested in September 2008, something in the veil of anonymity surrounding cyber crime was lifted. This blog will reveal previously undisclosed information regarding this case.
More About: Arrest , Behind The Scenes , Online , Scenes
The Greatest Internet Generation...or Threat 2.0?
2009-04-20 02:00:00
On the plane out to RSA Conference this weekend, I thought about some not-so-obvious results of the recent economic downturn.  I was watching a movie that involved WWII and the effect of de-mobilization on the U.S. economy in post-war years.  This is a positive example of what a large group of organized, motivated people can do: what Tom Brokaw termed “the greatest generation” 
More About: Internet , Generation
"My software is secure, I use encryption!"
2009-04-17 02:00:00
“My software is secure, I use encryption!” How many times have we, software security practitioners, heard this when engaging with software development teams?
More About: Software , Encryption , Secure
PCI DSS Compliance and Virtualization: Guidance Needed
2009-04-16 02:00:00
Earlier this week, I was meeting with a customer, discussing how some of the strategic IT projects they are undertaking in 2009 would impact their efforts around PCI DSS compliance. This customer is a manufacturer for the consumer market and is classified as a Level 1 Merchant. Like many organizations in today’s environment, their overarching goal in 2009 is “doing more with less.”
More About: Virtualization , Compliance
Not with a whimper but with a bang*
2009-04-15 02:00:00
We’ve had a lot of activity at RSA around hosted services, and the tremendous potential of things like Virtualization and Cloud Computing have naturally come up given the EMC and VMware emphasis on these subjects.  Some of the recent activity has come in wake of a spike in interest in the financial services vertical specifically for the SaaS version of RSA Adaptive Authentication, which continues to experience a growth in interest in the past few quarters. 
More About: Bang
DLP and Voodoo Metrics
2009-04-13 02:00:00
About two weeks ago, I had the opportunity to deliver a keynote at the CSO Executive Seminar Series on DLP. After my “15 minutes of fame”, I had the opportunity to sit in on one of the DLP talks from one of the other vendors. The speaker shared a Ginormiacous (free drinks from me at RSA Conference for the first person to correctly identify this cultural reference) quantity of data that drove home the point that a lot of sensitive data is getting lost and that this is costing organizations lots of money.
More About: Metrics , Voodoo
A Recipe for a Successful Software Security Assurance Initiative
2009-04-07 02:00:00
Having the responsibility for securing a portfolio of more than 100 products, I have dealt with thousands of engineers, product managers and other stakeholders across EMC and RSA to get them to adopt security development best practices.
More About: Software , Security , Recipe , Initiative
Speaking of Security Podcast #143
2009-04-07 02:00:00
Click to Download/Listen (7:42) This week's Speaking of Security podcast features Part Two of a discussion on the latest online fraud trends.
More About: Podcast
Security When Things Go 'Boom' - DR for Security Controls
2009-04-06 02:00:00
In the previous two installments of my blog we discussed some of the considerations when evaluating security in the context of disaster recovery, and drilled down a bit into the specific area of security as a disaster. Now let’s look at another aspect of the relationship between security and disaster recovery (DR) - making sure your security controls are available when a disaster occurs.
More About: Security , Things , Boom
Speaking of Security Podcast #142
2009-04-01 02:00:00
Click to Download/Listen (11:00) This week's Speaking of Security podcast features a discussion of the latest online fraud issues and trends.
More About: Podcast
Should PCI Standards Be Scrapped?
2009-04-01 02:00:00
The heightened focus on cyber security and cyber crime issues in Washington, D.C. continued today with a hearing in the House of Representatives Homeland Security Committee.  Entitled “Do the Payment Card Industry Data Standards Reduce Cybercrime,” the hearing was convened by the Subcommittee on Emerging Threats, Cyber Security, and Science and Technology, which is chaired by U.S. Rep. Yvette Clarke (D-NY).  
Understanding the Crowd Part II: You Must Think Like a Thief
2009-03-26 01:00:00
At the end of my last blog entitled Understanding the Crowd : To Catch a Thief (Part I) posted on  March 23rd, I referred to a formula that Amrit Williams and I have created for assessing the likelihood of a given method of security attack’s launch over the Internet and the relative probability that an exploit will occur.
More About: The Crowd
Understanding the Crowd: To Catch a Thief (Part I)
2009-03-23 01:00:00
Last week, Amrit Williams and I presented the results of our research paper at SOURCE Conference that we’ve been working on and thinking about for over a decade now.  It started when I did Malware research at a previous company, and watching the ebb and flow of malware (and the related FUD). This reminded me of watching the tide rise on a shore, or perhaps a slightly more intelligent phenomenon like the movement of a flock of birds or a school of fish.  We’ve all seen flocks of birds, and the sudden changes come about that cause a curtain-like ripple throughout the flock.  I couldn’t escape the feeling that there was a pattern here among the samples that could be both modeled and predicted.
More About: The Crowd , Part , Catch , Understanding , Crowd