Blog Details for "RSA Security Blog: A Blog for Security Professiona"
The RSA Security Blog, Speaking of Security, features a group of experts, each of whom has knowledge and interest in different areas of the industry: research, developer solutions, engineering and government policy. A Security Blog for anyone seriou
Articles
Top Five Intriguing Ideas for Authentication in 2008
2007-12-10 01:00:00 Controls as part of a broader strategy Organizations still make decisions on how to authenticate requests (often users) based on individual applications, infrastructure deployments or regulatory requirements. This is one of the contributors to a "quilt of security doilies", to paraphrase the CTO of a top bank who I met recently. Point security solutions have proliferated throughout organizations making it very difficult and costly to manage. In 2008, organizations will increasingly adopt frameworks like Information Risk Management to assess which threats to mitigate, inventory the types of controls (including authentication) that they need and take a more holistic approach to implementing their strategy...
Speaking of Security Podcast #85
2007-12-03 01:00:00 Click here to listen/download (07:15). This week, hear from Ari Juels, Speaking of Security blogger and Chief Scientist for RSA Laboratories. Ari tells us about some projects that his team is working on including "Proofs of Retrievability" and the WARP token for wireless authentication.
Massive data loss by key U.K. government agency could effect millions of Br
2007-11-26 01:00:00 Not since the infamous U.S. Veterans Administration breach, when a laptop containing information on 26.5 million veterans was stolen in 2006, have we seen a breach of sensitive data like the one that occurred in the United Kingdom last week. According to news reports, two disks containing the records of 7.25 million families and around 25 million people were lost by Her Majesty's Revenue and Customs agency as they were being transferred to the UK's National Audit Office.
Is the Bush Administration Getting Serious About Information Security?
2007-11-16 01:00:00 Earlier this month, President Bush requested $154 million in FY2008 funding for expanding cyber security initiatives at the Department of Homeland Security (DHS) and other federal agencies. The majority of the initial budget request (which would shift current government fiscal year money from other projects) will reportedly be focused on expanding DHS's "Einstein" program, which is run by the U.S. Computer Emergency Readiness Team. See this Federal Computer Week story by Jason Miller titled White House officials ask for $154 million in new cybersecurity spending for more background.
Focus on software assurance increases in U.S., U.K. and other markets
2007-11-15 01:00:00 I traveled quite a bit during the month of October - which was National Cyber Security Awareness month here in the U.S. - and there was one issue that came up frequently during my various business trips to locations around the U.S. and one to London: software assurance. It's really a continuation of a theme that I have come across during the course of the last couple of years: as breaches of information security have become more and more frequent - whether perpetrated by cyber-criminals looking to make a fast buck; or by nefarious actors breaking into systems to commit espionage; or in the case of entire countries (e.g. Estonia) that have seen their critical infrastructure attacked via cyberspace - governments have become increasingly focused on product security. The issue of security within products that are integral parts of systems or networks is clearly gaining the attention of government decision makers around the world...
Speaking of Security Podcast #84
2007-11-12 01:00:00 Click here to listen/download (07:27). Paul Joyal speaks with Dan Wilson, Vice President and Co-Founder of Accuvant, one of RSA's key channel partners about their business, their information-centric strategy for security, and a recent award that they received. Please note that we will be taking a short break for the U.S. Thanksgiving holiday, but will be back with another podcast for the week of December 3, 2007.
Speaking of Security Podcast #83
2007-11-05 01:00:00 Click here to listen/download (09:56). Matt Buckley speaks with EMC Vice President of Technology Alliances, Chuck Hollis, about Security and Virtualization. Read more from Chuck at chucksblog.emc.com.
Fish, Subprime Mortgages, and Data Storage
2007-11-02 01:00:00 In his Histories, Herodotus tells the story of Polykrates, overlord of the island of Samos. The king of Egypt counseled Polykrates to throw away some possession of great value, lest a surplus of good fortune bring him tragedy. Heeding this advice, Polykrates pitched his most prized possession, an emerald ring, into the sea. Several days later, a fisherman brought Polykrates a fish as tribute. When the fish was cut open, it was discovered to contain the fatal ring. (Polykrates was, of course, brutally murdered soon afterward.) Herodotus's story (and book) was crafted as a parable about hubris. It is also a good parable about banking--and more generally about risk...
Smart Cards and Risk
2007-10-29 17:03:00 One of the concepts that RSA and EMC are starting to focus on more is risk. For some, risk has a negative connotation, such as the chance of suffering some type of loss or damage. From a finance perspective, risk is perhaps a more neutral term in that with increased risks (there is a relationship to volatility), one expects a greater return. This has relevance in information-centric security as well...
Speaking of Security Podcast #82
2007-10-29 01:00:00 Click here to listen/download (08:07). Last week's RSA Conference Europe is over but you can hear from some of last week's expert speakers, like Marika Konings, Director of European Affairs for the Cyber Security Industry Alliance, in the Conference Podcasts section of www.rsaconference.com/2007/europe. Paul gets an event recap from the Conference Manager, Linda Lynch, and we share part of an interview with Marika from the show floor in this week's podcast.
Hey, do I know you?
2007-10-26 11:38:00 My friends have gotten tired of hearing me talk about how dreadful it is to be single. One of my friends S. (who has four children and a mortgage) suggested that I take over looking after his kids while *he* wakes up with a hangover next to a half-empty bottle of Jack Daniels and photos of a wild party and the younger sister of one of my work colleagues (Hi M!). Another friend, R, asked me why I don't frequent the singles bar scene. I replied that I'm looking for a sun-drenched wind-swept Ingrid Bergman kiss, a heart touching romance and a soul companion -- not some sordid meaningless fling. He sagely nodded his head and voiced his hopes that I enjoy the rest of my long life looking forward to dying alone...
U.S. House Passes Resolution on Cyber Security
2007-10-23 15:43:00 As issues around cyber security continue to heat up in the wake of several high profile data security breaches in the public sector -- and with increasing concern about cyber vulnerabilities in our nation's critical infrastructures, the U.S. House of Representatives passed a resolution this week recognizing the importance of the issue. The resolution, H. RES. 716, was introduced by Congressman Jim Langevin (D-RI) with strong bi-partisan support. The purpose of the Resolution was for: "Expressing the sense of Congress with respect to raising awareness and enhancing the state of computer security in the United States, and supporting the goals and ideals of National Cyber Security Month."...
IT Industry to Congress: Help Needed to Fight Cyber-crime
2007-10-23 15:25:00 On October 16th, in the bowels of the U.S. Capitol Building, the Business Software Alliance organized a briefing on cyber-crime issues that was attended by congressional staff members, industry experts and media representatives. Art Coviello, President of RSA, The Security Division of EMC, delivered the industry keynote; U.S. Representative Steve Chabot (R-OH) provided remarks from a congressional perspective. Congressman Chabot is a co-sponsor of H.R. 2290, the Cyber Security and Enhancement Act of 2007, along with U.S. Representative Adam Schiff (D-CA). H.R. 2290, if passed, would include changes to law that would: criminalize malicious botnet attacks...
Speaking of Security Podcast #81
2007-10-23 12:19:00 Click here to listen/download (07:07). This week we revisit a recent RSA web seminar held in late September. Nick Selby, Security Research Director from the analyst firm, The 451 Group, shares some key tips for securing web portals, by providing the right protection and level of access to information for trusted identities. To review the entire 9/25 webcast replay, visit www.rsa.com/webseminars.
Speaking of Security Podcast #80
2007-10-13 00:10:00 Click here to listen/download (08:07). October is National Cyber Security Awareness Month. We celebrate by speaking with James A. Lewis, Director and Senior Fellow, Technology and Public Policy Program at the Center for Strategic and International Studies in Washington, D.C., about cyber security in the federal government and around the world.
Speaking of Security Podcast #79
2007-10-09 17:21:00 Click here to listen/download (10:39). Martin McKeay, among others, has recently blogged about the value of the CISSP (Certified Information Systems Security Professional) certification. Paul Joyal speaks with leading IT author, Shon Harris, about the CISSP and other certifications that IT Security Professionals seek to add to their credential lists and knowledge-bases.
PCI certification on Websites
2007-10-05 18:23:00 A reader recently asked me about obtaining a seal of compliance for websites that have passed a PCI audit. This is an interesting topic, because many merchants have expressed interest in this. Currently, there is no official seal or website logo for merchants that are PCI DSS compliant. However, there are a number of popular seals that web merchants may use to represent good security practices. These include:...
National Cyber Security Month Kicks Off at the National Press Club
2007-10-03 21:53:00 This month, I'll be posting blogs several times a week given that this is National Cyber Security Awareness Month. To kick off this year's campaign, the 2007 National Cyber Security Awareness Summit was held at the National Press Club in Washington, D.C. on October 1st. Below, you will find a post from the Summit: I was encouraged by the strong turnout at the inaugural National Cyber Security Awareness Summit, the 4th time that October has been recognized officially as National Cyber Security Awareness Month. You know that you are going to have a good event when the room is half full 30 minutes before start time. I thought that Assistant Secretary Greg Garcia captured the heightened interest in the topic...
Speaking of Security #78
2007-10-03 16:04:00 Click here to listen/download (06:12). RSA announces its solution for Information Risk Management for financial services organizations worldwide this week at SIBOS in Boston. Listen to Ann King, Senior Manager for Solutions Marketing, talk about this approach to following information within a financial institution throughout its lifecycle -- revealing where the risks lie to present a holistic view of risk related to information across the enterprise.
Speaking of Security Podcast #77
2007-09-25 17:52:00 Click here to listen/download (10:27). This week we welcome back two previous guests, Dave Howell and Peter Beardmore. First, we share information about the PCI DSS (Payment Card Industry Data Security Standard) from a recently commissioned survey by Forrester. And we also talk about unified credential management in the enterprise.
Another 'shoe' drops -- DHS cyber security breach top of news this week
2007-09-25 17:52:00 On the cyber security front, the nation's capital is abuzz this week about breaches of information systems at the U.S. Department of Homeland Security (DHS). In a Washington Post article on Monday, September 24, writers Ellen Nakashima and Brian Krebs reported that the "...FBI is investigating a major information technology firm with a $1.7 billion Department of Homeland Security contract after it allegedly failed to detect cyber break-ins traced to a Chinese-language Web site and then tried to cover up its deficiencies, according to congressional investigators."
U.S. Ratcheting up Cyber Defenses in Wake of High Profile Cyber Attacks in
2007-09-21 17:54:00 Finally, the cyber security issue may just be getting the attention that it deserves at the national leadership level in the United States. In an RSA Speaking of Security blog post in early July, I asked the question: Will the recent cyber attacks on Estonia be a wake up call for European and U.S. leaders?
Security is Everybody's Job
2007-09-18 19:19:00 It was blasphemy at the time. At the 2007 RSA Conference in San Francisco, our President, Art Coviello, made the claim that the standalone security market was not long for this world. Some in the audience must have thought he was Looney Tunes, making a claim like that at a longtime venue dedicated to all things security. In my role driving integrated solutions of RSA technology and EMC products, I speak with security, IT, and storage professionals regularly to understand their requirements and preferences for integrating security into information infrastructure products. The single biggest common thread between them is this: security seems to be everybody's job these days. These things tie: security-baked-in and security-as-everybody's-job...
Speaking of Security Podcast #76
2007-09-17 17:17:00 Click here to listen/download (07:41). Online fraud is becoming more like a traditional industry. Researchers at the RSA Anti-Fraud Command Center are hard at work as they learn more and more about how the underground world of online fraud works and how security professionals can get one step ahead. This week, Jens Hinrichsen, Senior Product Marketing Manager in RSA's Identity and Access Assurance Group, takes us deeper into this world. Learn even more on the 9/18 Web Seminar: A VIEW OF THE GROWING CRIMEWARE THREAT IN ACTION.
Increased Interest in Device-Specific Strong Authentication
2007-09-14 18:32:00 Customers are expressing an increased interest in having strong authentication mechanisms on a variety of client devices. Service providers, also, are interested in ensuring that end users are able to employ their mobile phones for two-factor authentication. Such organizations may also play the role of outsourcer and are concerned with the provisioning of credentials and new support models. Some of the drivers for this are longstanding, such as increased proliferation of mobile devices to remote employees, partners and consumers. Ericsson predicts that global mobile subscriptions will reach 5.5 billion by 2012. Since people are used to carrying phones, these mobile devices become very convenient containers for strong authentication credentials needed for secure remote access. Other drivers are more visionary...
Speaking of Security Podcast #75
2007-09-11 12:34:00 Click here to listen/download (09:58). Paul Joyal talks with Bret Hartman, RSA's CTO, about the Common Security Platform, the process that integrates EMC and RSA technologies. And Matt Buckley introduces our newest Speaking of Security blogger, Manju Mude, Senior Compliance Analyst at RSA.
Speaking of Security Podcast #74
2007-08-27 02:00:00 Click here to listen/download (10:38). As a follow-up to the Aug. 13 podcast, we present an excerpt from the Aug. 15 RSA web seminar: "Combining Network Access Control (NAC) with Strong Authentication." Denzil Wessels, technical marketing manager, Juniper Networks, takes us through what a NAC solution provides to an IT infrastructure. Click here for the entire replay of the webcast and/or download the accompanying slide deck. The Podcast Team will take Sept. 3 off for the U.S. Labor Day holiday but will return on Sept. 10 with a new edition.
A Data Security Philosophy, According to Sisyphus
2007-08-22 02:00:00 In Greek mythology, Sisyphus was a king who was extremely crafty and dishonest, and the punishment brought down upon him from the gods was to roll a very large boulder up a hill. Each time Sisyphus attempted to do this, the boulder would escape him before he was able to reach the top, and so he had to begin the task all over again... This continued throughout eternity. This analogy has been applied to many problems over the course of history, including within the world of IT - where no matter how many resources are employed to solve a particular problem, it can be quite typical for the issue at hand to remain either largely or completely unsolved, and just as daunting as it had been before. While I don't think we have quite reached a "Sisyphean state" in data security, an RSA survey conducted by Forrester Consulting...
PCI Data Collection: Your CVV isn't special
2007-08-22 02:00:00 There are so many regulations out there that ask you to secure, protect and encrypt data - but, in reality, doesn't it all truly boil down to managing your customer relationships and meeting your obligations to them, while keeping your competitive business edge? Some merchants have no choice but to collect and store card data for extended periods of time, for bookkeeping, transmission or customer service needs. Additionally, an extremely limited number of them may even have to collect CVV2 information, to ease the customer experience. PCI is very clear about forbidding the storage of PIN and CVV2 information and most merchants understand that this will cause serious problems in their audit results if they continue to collect this information...
Speaking of Security Podcast #73
2007-08-20 02:00:00 Click here to listen/download (08:06). Matt Buckley discusses the state of data security with Paul Stamp, Principal Analyst, Forrester Research. Paul is a leading expert on enterprise security technology, focusing on security architecture, and data security technologies, such as enterprise encryption.



