RSA recently published the SBIC report entitled ‘Getting Ahead of Advanced Threats’, a copy of which can be found here: Security for Business Innovation Council report. It introduces the concept of Intelligence Driven Security as ‘Developing real-time knowledge on threats and the organization’s posture against those threats in order to prevent, detect, and/or predict attacks, make risk decisions, optimize defensive strategies and enable actions’.

Intelligence-Driven Security

RSA released the ninth installment of the Security for Business Innovation Council report last month, and through a series of blog posts on Speaking on Security, we’re going to analyze the various areas highlighted in the findings. Today I’m going to explore the concept of Intelligence-Driven Security. In our world, intelligence-driven means that information coming in from all of our available sources will influence our actions—some of which will become automated over time.

Enabling a New World of Insight through Big Data: the FuturICT Project

One of the best things about moving to Europe has been learning about and getting engaged with European-based research initiatives. One of these initiatives is the FuturICT project. I was introduced to FuturICT by Donagh Buckley, EMC Director of Research for EMEA, and through him met the Chair of the FuturICT Steering Committee, Dr. Dirk Helbing, who works at the ETH here in Zürich. Dirk, Anna Carbone (also of the FuturICT project) and I got together for dinner last week to discuss the project and its points of intersection with EMC technologies and programs.

Vishing: To Have Your Identity Stolen, Press One

Of all the terms describing identity theft methods, “Vishing” (which stands for “Voice Phishing”) is perhaps the most ambiguous one. A simple Google query for the definition of the term shows just some of its multiple interpretations. But why are fraudsters using this type of attack?

Announcing the Marriage of Technical and Traditional Security Skills

RSA recently published the SBIC report entitled ‘Getting Ahead of Advanced Threats’. One of the recommendations from the report is about finding the right people with the right skills to become Cyber Security Analysts. Dave Martin, CSO for EMC, suggests “Cyber Risk intelligence requires a skill set combining abilities to understand threats, the business environment and security controls in order to determine the risks to the business and what controls would mitigate this risk.” This is a pretty tall order for most organizations. They may have many individuals whose skills match one of these areas, but rarely all of them.

Contextual Deep Content Inspection for Security

It’s 2012 and the reality of 2011’s shifting security landscape should have set in by now. As much as many of you may want to go back to the days of worrying about Anti-Virus definition files, basic patching, and a single border firewall as the makeup of your entire security posture, it’s time to take a serious look at how you will plan your defenses for 2012.

Happy Anniversary to Microsoft Trustworthy Computing Initiative

Ten years ago this month, Bill Gates issued a memo to all Microsoft employees announcing the Trustworthy Computing Initiative. Development was halted for several weeks to review code and to train Microsoft software engineers on security. This memo was later followed by the publication of Microsoft’s Security Development Lifecycle, as well as the release of multiple security tools. Michael Howard from Microsoft recently provided in a blog post an insider view of this anniversary. Let me share with you my views on the impact of Microsoft’s security push on EMC and on the industry as a whole.

All Those Years Ago: Looking back at the early days of cybercrime & fraud at RSA

Over the past 6+ years at RSA I’ve seen a lot of changes at RSA from acquisitions to new product launches to the dreaded “end of life” of a product. I’ve seen the group I originally started in grow from less than a dozen people to one of the largest segments of the company. I’ve [...]

Guest Post: Getting Management to Buy into ITSM

Despite large amounts of data and case studies singing the praises of ITSM, there are still managers reluctant to adapt to a change toward an ITSM system for a variety of reasons, including…

Corporate Responsibility with Ben Tomhave

This is part two in a conversation that I had with Ben Tomhave (@falconsview) last week over Twitter. What started out as a quick question about busting PCI myths turned into corporate responsibility. If you haven’t seen this article about a company who is facing massive penalties, give it a read. It will help set [...]