Blog Details for "RSA Security Blog: A Blog for Security Professiona"
The RSA Security Blog, Speaking of Security, features a group of experts, each of whom has knowledge and interest in different areas of the industry: research, developer solutions, engineering and government policy. A Security Blog for anyone seriou
Articles
Internet Gangsta or Fall Guy for the Dark Cloud?
2009-08-19 02:00:00 I think most of us have heard this proverb: “It takes a village to raise a child,” (popularized by U.S. Secretary of State Hillary Clinton). It also, though, takes a community to raise a criminal, to foster him or her and to create the economies that allow criminals to “cash out” effectively.
Payday Loan Scam Just One of Many Ways Fraudsters Can Exploit Personal Info
2009-08-18 02:00:00 The Better Business Bureau recently issued an alert that warned consumers about a scam where fraudsters are calling people who have taken out payday loans (also known as a paycheck advance or payday advance) and coercing them into paying off the loans or risk being arrested. The scary thing about the scam is the type of information the fraudsters have been able to collect on the individuals.
Dark Cloud
2009-08-18 02:00:00 Everyone seems to be in the Clouds these days. Cloud Computing is certainly something we hear about more and more. The IT industry races full steam ahead into the great shapeless nebula that promises unfathomable rewards such as vast economy of scale and unimaginable resource effectiveness.
Speaking of Security Podcast #158
2009-08-17 02:00:00 As the current economic downturn continues, global companies are evaluating outsourced solutions for many functions. This week's Speaking of Security podcast features a discussion on security in an outsourced world. Christopher Leach, SVP and CSO from Affiliated Computer Services is our guest.
How accidentally leaving your bag on the bus can cost £100m
2009-08-11 02:00:00 RSA's research shows that accidental insider risk incidents are much more common than deliberate insider threats — but many organizations underestimate their scale and potential impact.
Speaking of Security Podcast #157
2009-08-10 02:00:00 The Speaking of Security podcast this week features a discussion with Burt Kaliski from EMC's Innovation Network. He talks about how EMC is encouraging the sharing of ideas among its employees around the theme of innovation at a multi-venue event this fall.
Kwon departs government but can still contribute a lot to improving our nat
2009-08-10 02:00:00 It's true. Mischel Kwon has resigned from her post of Director of the U.S. CERT at the Department of Homeland Security. A significant loss for the Department will be a major gain for RSA, The Security Division of EMC, as Mischel is a talented, hard working senior security professional with experience in both the public and private sectors. We are delighted to have her join our company as a member of the RSA/EMC team.
Although motivated by personal gain, insider theft also causes harm
2009-08-05 02:00:00 When insiders steal confidential information from their employers, they're usually thinking about personal profit. The person who sold confidential information about British MPs' expenses to the Daily Telegraph certainly seems to have been motivated primarily by financial gain — rather than public interest — given the sums of money that have been mentioned.
Keep the Bar High to Avoid Clickjacking (and Anything-jacking/Anything-ishi
2009-08-04 02:00:00 Well, the arms race continues in the world of online fraud; and some of the latest hype appears to be around Clickjacking. Just last week, I had a partner call me regarding this attack vector and it was held up matter-of-factly to them as the be-all, end-all, latest and greatest attack on the Internet. I call it hype because it's a next step in a chain of incremental refinements in online attack techniques: this truly is an arms race.
Dan Kaminsky's New PKI Hack Discovery - The EMC/RSA viewpoint
2009-07-30 02:00:00 At the BlackHat Conference on July 29, Dan Kaminsky from IOActive talked about new collision attacks against the global X.509 CA infrastructure. Here’s a brief vendor view about this issue with some background about the effort that went in over the last few weeks by the various vendors affected by the issue from the time Dan identified it, and the steps EMC/RSA is taking to remediate the impact across its products and protect its customers.
Defining Software Assurance
2009-07-29 02:00:00 The term “software assurance” is often used interchangeably with the term “software security” to refer to the practices of avoiding and detecting unintentional vulnerabilities during the software development process.
New data breach research looks at 'misuse and abuse' of corporate resources
2009-07-28 02:00:00 I recently came across the very useful '2009 Data Breach Investigations Report' from Verizon Business. It makes some particularly interesting points about insider risk.
Securing the Software Supply Chain – Industry Releases Framework for
2009-07-27 02:00:00 I wrote in two blog posts last October that the U.S. government and other nations around the world are focusing more attention on product security and technology supply chain issues. In my blog on October 14, 2008 I stated: “Government buyers nearly everywhere are insisting on more secure products and some level of assurance that the software or hardware that you are selling them is secure.”
Speaking of Security Podcast #156
2009-07-27 02:00:00 This week's Speaking of Security podcast features an extended interview with Uri Rivner, Head of New Technologies for RSA's Identity Protection and Verification Solutions group. He touches upon many different topics in this podcast including some of the major trends that the RSA Anti-Fraud Center has identified in the past year.
Speaking of Security Podcast #155
2009-07-22 02:00:00 RSA announces the availability of a software token for iPhone devices. Hear about it on a Special Edition of the Speaking of Security podcast.
Putting the "I" in Information (and in Internet, RSA SecurID, and iPhone)
2009-07-22 02:00:00 I recall when Generation X was the “Me” generation, but I think that title was a little premature. In fact, it might be that Generation Y and the ones that follow will be more empowered than good old Gen X ever was. Generation Y is really the “I” generation, so as long as you pronounce “Y” like “eye” we should be fine.
Speaking of Security Podcast #154
2009-07-20 02:00:00 RSA Conference Europe is approaching fast. The Speaking of Security podcast presents an overview of the event, including early-bird registration information.
XMLDsig flaw and the case for vendor collaboration on security vulnerabilit
2009-07-14 02:00:00 Today, the U.S. CERT published an advisory (VU#466161; CVE-2009-0217) reviewing how the support for HMAC truncation by XMLDsig can lead to an authentication bypass. While the advisory needs to be taken seriously to address potential vulnerabilities in applications that require message authentication and integrity, I wanted to write some of my thoughts about its impact and also how vendor collaboration on this issue led us to create an effective and timely remediation strategy for EMC and RSA customers.
Speaking of Security Podcast #153
2009-07-13 02:00:00 Derek Brink from Aberdeen Group joins us on the Speaking of Security podcast to discuss building a cost-based case for Data Protection.
An Opportunity to Influence the Art of Secure Software Development
2009-07-08 02:00:00 Until the end of July, all who have a passion for software assurance can turn their passion into an opportunity to influence the content of one of the foremost reference documents on the topic.
A Paradigm Shift in Protecting Cardholder Data?
2009-07-07 02:00:00 Lately, many customers have asked about their options for meeting PCI’s data protection requirements. While encryption and key management are the most widely adopted technologies – and continue to be the preferred solution for most – I’ve seen a major increase in the number of organizations interested in using a token (or alias) as a substitute for storing real credit card numbers in their environment.
Speaking of Security Podcast #152
2009-07-06 02:00:00 This week's Speaking of Security podcast tackles the topic of Virtualization, with Sam Curry, VP of Product Management for RSA.
Security When Things Go 'Boom' Part III - Returning to Normal
2009-07-01 02:00:00 OK, we're in the home stretch - this is the final entry in my 'Security and Disaster Recovery' series. So far we've covered security incidents as disasters, DR for security controls and the security of your DR environment. The last area of consideration is what happens when you need to return to normal operations. The disaster has occurred, you've successfully moved to your DR environment, and things have been humming along. Now the damage to your primary site has been repaired and you're ready to move back - how does this impact security?
The Birth of the Virtual Datacenter Administrator
2009-07-01 02:00:00 I recently spoke at a VMware user group conference about securing virtualization. The audience comprised datacenter administrators and managers who are at the center of their organization's virtualization initiatives. I was fortunate to be able to talk with several of them at length about their experiences in virtualizing datacenters. There are several trends to note.
The expanding complexity of 'insiders': what you need to take into account
2009-06-30 02:00:00 At the April 2009 RSA Conference, over 500 speakers discussed the most pressing information security issues organizations face today. I was very interested to hear the Carnegie Mellon University Software Engineering Institute (SEI) talking about best practices for mitigating insider threat. (As discussed in my previous blog, this is the aspect of insider risk dealing with insiders who deliberately exploit security vulnerabilities to cause harm or for personal gain.)
ISO-ish
2009-06-25 02:00:00 The conversation develops with such consistency and regularity I've begun to wonder why I still ask. But I do. Without fail, at every customer I meet I utter the question "do you use any frameworks to help with your governance, risk, and compliance?"
Insider risk and insider threat: what's the difference and why does it matt
2009-06-23 02:00:00 What does the term 'insider risk' mean to you? Does it make you think about employees sabotaging systems, or stealing confidential information for their own benefit?
Speaking of Security Podcast #151
2009-06-22 02:00:00 Roland Cloutier, VP and CSO of EMC joins us on this week's Speaking of Security podcast.
Security When Things Go 'Boom' Part II - Securing Your DR Environment
2009-06-18 02:00:00 Sorry for the delay in updating my blog - for some reason Q2 seems to be the event season, and we've been pretty busy here at RSA supporting HIMSS, RSA Conference, MS TecEd, EMC World and a bunch of other events. Anyway, it's time to continue our discussion of the relationships between security and disaster recovery. In this entry we'll take a look at what needs to be considered to ensure your DR environment itself remains secure.
The more things change the more they seem to stay the same. When are we goi
2009-06-11 02:00:00 Recently there has been a lot of chatter about how security teams need to get out ahead of the latest technology advances. There is talk about how cloud computing and virtualization are going to take business to new levels and enable new relationships. On top of this social networking is finding its way into the business environment and raising concern that with mounting financial pressures businesses won’t be prepared to address the increased risks these technologies introduce.