Governance, Risk & Compliance (GRC)

Big Votes in the House on Cyber Security Legislation

When the House Republican Cybersecurity Task Force released its recommendations last October, U.S. Representative Mac Thornberry (R-TX), the Chairman of the Task Force said that the time had come for the U.S. Congress to act on cyber security legislation. In a blog post on October 11th, 2011, he stated: “We simply cannot allow legislative gridlock to continue on this issue. And we cannot let the quest for the perfect cyber bill prevent a good one from passing.”

Learning to cook – Bake a Trusted Cloud Part 1

Most of my friends and colleagues know that I like to cook, so I will be doing a series of “recipes” in the next few weeks to address some of the key challenges based on conversations I am having with major organizations. So, to get started, here is part 1 on Creating a Trusted Cloud.

New RSA Archer Community and Exchange are live

At EMC we want to empower you to grow your GRC program according to your organization’s unique governance, risk and compliance processes—and of course, help you get the best out of the RSA Archer Suite. So we’ve injected fresh energy into our online forums, the RSA Archer Community and Exchange, and moved them onto a [...]

EU Data Directive Privacy by Design and PETs

We are a funny lot in Europe: guarding our privacy, and more importantly the privacy of our data, is of paramount importance. The protection and privacy of personal data is a fundamental right within the EU. According to the Digital Agenda for Europe, concerns about privacy are among the most frequent reasons for people not [...]

Best practices for meeting new Breach notification for EU Directive Part 2

In February I talked about the key aspects of the proposed changes to the EU Data Protection Directive. Breach notification within 24 hours (where possible) is one of the proposals. So, how do you prepare to meet this aggressive timeframe and what security management tools and processes do you need to implement?

Are Global Cloud Service Providers going to shy away from Europe?

Today’s security standards are based on historical, legacy information technologies and don’t necessarily address Cloud Computing environments in an effective manner. Attempts to update them are an improvement, but they will not be able to create a single or limited number of standards that will be viable across all borders and jurisdictions. So, it’s no surprise that the Cloud Security Alliance Summit at RSA Conference had a panel discussion on this topic. The panelists were Marc Crandall from Google, Baber Amin from CA, Chris Wysopal from Veracode and Ashvin Kamaraju from Vormetric.

Starting with the End in Mind: the Need for Security Governance

Under the leadership of CyLab Adjunct Distinguished Fellow, Jody Westby, the CyLab team gathered information from CEOs, CFOs, CROs and board members of the Forbes Global 2000 regarding security governance practices in their companies. The results showed significant gaps in security governance in more than half the respondents. Even for someone like me who tends to see the glass as half-full, this is a major concern in a world of increasing threats to information security.

Start at the beginning!

RSA recently published the SBIC report entitled ‘Getting Ahead of Advanced Threats’, a copy of which can be found here: Security for Business Innovation Council report. It introduces the concept of Intelligence Driven Security as ‘Developing real-time knowledge on threats and the organization’s posture against those threats in order to prevent, detect, and/or predict attacks, make risk decisions, optimize defensive strategies and enable actions’.

The Future of SIEM and the SOC

Perhaps no product is more associated with an organization’s Security Operations Center (SOC) than its SIEM. Given that a SOC, as its name implies, is operationally responsible for the enterprise’s security, it is not surprising that it depends heavily on a tool which collects, analyzes, and reports in near real-time on security related activity from around the enterprise. As the SOC goes so too goes its SIEM. Or at least it must for the SIEM/SOC relationship to remain a healthy one.

Smart Security: The Evolution of Higher Security Forms

Last August, I wrote about needing a different answer to the traditional security problem because the changing landscape over time was making conventional protocols, applications and skills obsolete. I wrote there about time and intelligence: these are the essential assets in any security autonomic system. Why? To really boil it down to its basics, it’s a race. In a race, you care about being first, not second. Intel helps you run the race better and time is the only currency that matters. It’s a race to the data, and you want to win. So it’s all about time and intelligence.