Stop climbing through the haystack to find the needle: Use a magnet

As security professionals we are constantly thinking about finding the needle (security incident) in the data haystack. But what if just used a really powerful magnet? Potential threats are more targeted, stealthy and dynamic than they ever have been. Which means you won’t find the needle if you aren’t collecting the hay in which the needle may be hiding. So, it’s more than just collecting a lot of data, it’s about collecting the right data.

This Just Makes Me MAD!

By Chester Liu – Product Marketing Manager for the RSA Security Management Suite Have you ever been to a presentation or speech, and the speaker is just so ignorant about the very topic that he’s speaking on that you just want to shout out and correct him, but there are a hundred other people in…

J. Lo and the Advanced Persistent Threat

So Ok, you think you know security. Riddle me this one… What does Jennifer Lopez and computer hackers who’ve attacked America’s defense establishment have in common? If you answered both are featured in this September’s issue of Vanity Fair magazine, you’d be right, and a true member of the all knowing security club.

It’s Time to Grow Up

For a CIO, CISO, or anyone else who oversees IT security, it’s critical to have a maturity model in hand. You will never reach your desired end-state by simply buying the right product or building the right org structure. You have to get there in stages, perhaps starting by implementing a rigorous risk assessment process, then building a world-class security operations center.

The Marriage of Legal and IT

In Dr. Larry Ponemon’s recent eGRC and Data Privacy study, the Ponemon Institute, LLC independently surveyed 190 Archer eGRC Community members to examine the challenges they face in meeting eGRC and data protection objectives. One of the challenges that Dr. Ponemon notes is the need for collaboration between the Legal and IT teams to handle incidents as well as validate compliance to ever-changing regulations.

Incident Management Brings It All Together

Incident Management is a broadly used term but in our world of network security, it is inherently defined as the process an organization uses to identify, investigate and remediate a potential or real threat to their network resources and users.

Thoughts from the Gartner Security & Risk Management Summit

On the flight home from this year’s Gartner Security & Risk Management Summit, I reflected on some of the highlights of the trip. I look forward to this show every year due to the high level of customer engagement and great conversations. In looking for overall themes from the event I noticed, not surprisingly, a lot of emphasis around advanced persistent threats.

The Kitchen Sink of Security Management

On a recent visit to a number of companies with an increasing focus on IT security, a sense of common frustration was beginning to develop. The levels and number of security issues were a concern, and keeping ahead of the security risks has lots of CSO’s scrambling to show they are on top of these high visibility issues.