NIST Event Highlights Advances in Maturity of Cloud Community

Recently, NIST hosted the Cloud Computing Workshop and Forum VIII at their headquarters in Gaithersburg, MD. It is part of the larger NIST ITL Cloud Computing Program. It was an impressive event, with four days of multiple simultaneous tracks. As security professionals, we all know it’s hard to juggle and stay abreast of all the topics…

Can businesses be resilient on their own?

Can businesses and organizations be resilient on their own? By this I mean: is it enough for an organization to build resilient internal processes, IT infrastructure, facilities, and even third-party relationships, and then rest assured that it is prepared for the next big event that comes along? To answer this question, I think we have to…

A Use Case for Success

RSA’s Advanced Cyber Defense Practice routinely works with customers on optimizing their detection and response capabilities. Oftentimes we observe a wide-ranging array of alerts and reports generating hundreds, if not thousands, of tickets in the incident management system. When that occurs, it’s essential to reflect on the true value of injecting those alerts and reports…

Plan Your Journey to Wally World

Earlier this month, I wrote a blog about Information Security Metrics and their place in driving program maturity. Every organization today is striving to be more mature in its information security program. Given the constant deluge of media reports on hacks and attacks, security maturity has become a business imperative. Metrics is one tool in the…

Understanding human triggers in fraudulent transactions

Too often, discussions about fraud prevention emphasize the security controls organizations should put in place: risk engines, step-up authentication, biometrics… These are all necessary for a successful fraud prevention program, but we tend to minimize the ‘humans in the loop’, that is, the end users. It’s human nature to have biases, and an effective security program should…

How to Tame the Digital Pitchfork Mob and Harmonize Your Identity Management

There’s nothing like a little login frustration to turn users against their IT gatekeepers, storming the help desk with their digital pitchforks and torches. People expect simplicity, ease-of-use and flexibility when accessing workplace resources. Whether they bring in their own devices, use personal apps for company work, or look for unfussy access to corporate resources while…

Advanced Won’t Replace Situational Awareness

Who hasn’t observed their leadership chase the proverbial silver bullet for targeted attack detection? Often, as practitioners, we fall victim to chasing the perfect detection system and we forget about the basics. Countless times we work with organizations that fail to establish proper situational awareness. Without situational awareness, a domino effect occurs with the response…

A Cheesy Note on a Successful Identity and Access Management Solution

I love pizza. And when I order a pizza, I pay careful attention to whether the three primary elements (crust, tomato and cheese) are high quality, fresh, and well-balanced. There are few things that make me happier than the perfect slice of pizza: the crust is thin and crispy, the sauce is a balance…

Intelligence-Driven IAM: The Perfect Recipe

Another day, another breach, right? It’s almost like we’ve started to become desensitized to them. But, as a security professional, I want to impress upon you the importance of every single breach, no matter how large or small. They all can cause negative consequences: on the corporation whose share price plummets, or on…

3D Secure – The Next Generation

3D Secure was originally developed by Visa to reduce fraudulent online transactions, was subsequently adopted by MasterCard and other card schemes, and its next generation is now being specified by EMVCo, the consortium founded by Europay, MasterCard and Visa. The 3D Secure protocol was designed to bring together the three “domains” in an online card-not-present transaction: the acquirer domain (the merchant and its bank), the issuer domain (the cardholder and the card issuer) and the interoperability domain (the card network linking the two). The protocol requires cardholders to enroll their cards in the program and then…