Branden Williams

Branden Williams is a senior Information Risk/Security professional with over 15 years of experience in technology and information security, and a formidable background in the majority of the technologies that drive today's businesses. From digging into the technical requirements of various solutions to recommending compensating controls for compliance that have saved companies over $250 million, he has practical experience working with global clients. Currently, he is the global CTO of Marketing at RSA, The Security Division of EMC. Mr. Williams holds a BBA from the University of Texas, Arlington, and an MBA in Supply Chain Management from the University of Dallas, Graduate School of Management, and holds current CISSP and CISM certifications. He recently served several years as an Adjunct Professor at the University of Dallas's Graduate School of Management, where he taught in their NSA Certified Information Assurance program.

Why the Public Cloud Shuns Security

Did I just use a tactic to get you to click on this? Maybe. It sure is a punchy headline. I bet it stirs up some emotion on both sides of the transaction: cloud providers that are tired of working with auditors and security professionals that are tired of explaining to business analysts why regulated data can’t live inside a public cloud.

Top 10 PCI Requirements for Interpretation

OK folks, here’s an opportunity for you all! In advance of the third edition of our book slated for a July release, PCI Compliance, I wanted to offer up a free service to those of you dealing with PCI DSS on a daily basis. I’m going to do a detailed analysis of ten requirements for you! Here’s the best part…You get to pick the ten I analyze!

Fun with Password Managers

I actually started following my own advice a couple of years ago and started creating random passwords for each site that I use that requires a login. Yep, no more “Password123!” for me, it’s all random. But that poses another problem. How do I store these things in a way that is secure and readily available since I don’t have an eidetic memory?

Mystery Shopper Scams Getting Aggressive

Mystery shopper scams are nothing new, but I now have the experience of being personally targeted by one. From my research, most of these scams are carried out in a “pull method,” whereby ads are placed in classified sections asking for applicants for a part time job. I was targeted by someone using the “push method,” whereby a live (fraudulent) check was mailed to me in a haphazardly stuffed envelope with an official looking letter and survey form.

Big Data vs Social Engineering

Some of the discussions we are having over here are brain-wrinklers! I was speaking with some colleagues yesterday about the security implications of big data. Typically I would group them into two separate areas: 1) Using big data as an enabler for predictive security analytics (i.e., deriving security information powered by analytics across big data) 2) Securing the output of big data analytics on the business side (and possibly in infosec too).

Sir, Put Down the Loaded Weapon

Sensitive information is sometimes like a loaded weapon someone might randomly stumble upon in a park. For those that have some kind of training with weapons, you can probably think of a dozen things you would and wouldn’t do if you were in this situation. But what if you had never seen this kind of weapon before? Would it become a paperweight on your desk? Maybe a doorstop? Or in an extreme case, earrings? Maybe you see peers treating these weapons the same way and all of a sudden it becomes acceptable. Until one goes off.

What’s your Maturity?

If you’ve heard me speak about information security maturity lately, you may have heard me compare our industry and function to Maslow’s Hierarchy of Needs. For those of you that may need a refresher, here are the basics (minus a few to stop some search engine hits). In order for a human to realize his full potential, he must have specific needs met.

Herding Cats: A Curmudgeon’s Party Line (April 2012)

Have you checked out ISSA Connect yet? The next issue is up there with my column, A Curmudgeon’s Party Line. This month’s topic is quite timely as there have been several new attacks published related to SCADA and industrial systems. This article explores some of the reasons why we might see the marriage of IP-based systems with industrial systems causing issues today and in the future.

There Are No BYOD Absolutes (You’re Doing It Wrong)

Check out this post by VPN Haus that tackles the cost savings aspect of BYOD. They argue that BYOD can be expensive and isn’t always a cost savings initiative. There are a few issues with this article that I’d like to address, starting with the cost issue.

Facebook isn’t Professional Networking

I was checking into the happenings on Facebook last night and had a very strange request come up. Someone that I know and respect sent me a request through a product called BranchOut. While their about page does more to confuse than to clarify, what I understand it to be is a way to create a professional network of contacts with Facebook—or in easier terms, think about LinkedIn-type functionality sitting on top of your Facebook network of contacts. Frankly, this is a terrible idea.