Action Plan for Small Enterprises

In my last blog we created a security baseline to help organizations adequately protect sensitive data. While this series has been focused on guidance for smaller companies, the basic principles can be applied to any organization. The key difference is that smaller companies will be under pressure to spend on compliance and their secrets which…

GRC Driving School: Avoiding Control Blind Spots

by Mason Karrer Remember driver education class when the instructor would sound like a broken record telling you to look over your shoulder to check the “blind spot” before changing lanes? Never mind the questionable wisdom of consciously looking in the opposite direction of travel. I could never wrap my head around the supposed reality…

Groove Theory of GRC – Postulate #3: The Creative Process

In my last blog post, I talked about the importance of building collaboration across the organization to bring the greatest value to your GRC program.  For this blog, I am borrowing a piece of wisdom from an old sage of rock and roll.  I heard an interview recently with Mick Fleetwood (of Fleetwood Mac fame)…

Implementing Advanced Authentication to Satisfy CJIS Security Policy Compliance – Podcast #247

IT Director Lesley Chaney of New Hanover County, North Carolina, joins the Speaking of Security Podcast to talk about her experience with the newly updated Criminal Justice Information Services (CJIS) Security Policy. Lesley recently led her team to implement RSA SecurID to protect remote access via laptops and mobile devices for more than 270 police…

New Commercial Trojan #INTH3WILD: Meet Beta Bot

By Limor S. Kessem, Cybercrime and Online Fraud Communications Specialist, RSA It appears that a much anticipated event has finally transpired in the cybercrime arena: the release and active sale of a new commercially available Trojan family, circulating under the name Beta Bot, that began around January this year. RSA researchers have recently come…

Introducing The SBIC Blog — Strategic Guidance from Global Security Executives

By Laura Robinson, SBIC Chair Imagine if you had regular access to a group of top-notch advisors – security leaders from global brand-name companies – to help you build your security strategies? Companies like The Coca-Cola Company, Fed-Ex, Intel, Johnson & Johnson, JPMorgan Chase, SAP AG and Walmart Stores, Inc. For the last five years,…

Creating a Baseline for Small Business

In my last blog ‘To Cybercriminals, The Size of a Company No Longer Matters’ I discussed the fact that the latest PwC Information Security Breaches Survey 2013 shows that there has been a significant rise in the number of small businesses that were attacked by an unauthorized outsider in the last year – up by…

Mandiant Malware? Not Exactly.

By Alex Cox, Senior Researcher, RSA FirstWatch team The RSA FirstWatch team uses a number of techniques to detect emergent threats and trends. Much of the output of the analysis process becomes input for the RSA FirstWatch Feeds and new rules to detect botnet variants, malicious user-agent strings, and suspicious queries that would be strong…

Groove Theory of GRC – Postulate #2: Duet, Trio, Quartet, Orchestra

The initial inspiration of my “Groove Theory of GRC” was Rocco Prestia, the bass player for the funk band Tower of Power. His definition, or lack thereof, of the term groove started my thought process on how very important things can exist without exact scientific explanation. In my last blog, I talked about combining Musicality…

Don’t Fear the Hangover – Network Detection of Hangover Malware Samples

By Alex Cox, Senior Researcher, RSA FirstWatch team Today, Norman and Shadowserver released a paper that revealed a large attack infrastructure in which they detailed an ongoing campaign, running as far back as September 2010. This campaign, reportedly run out of India, used spear-phishing attacks and multiple strains of malware to breach targets of interest…