Government & Policy

Security Monitoring vs. EU Data Privacy – Are We Stuck?

Continuing on the theme from a previous blog, what if the use of state-of-the-art security technologies were believed to conflict with EU data privacy regulations? Are security professionals really to be put in the difficult position of not being able to use the most current security approaches to protect their organizations and users? Is there a way to both protect the organization and its users while respecting the rights of users to not be excessively and unreasonably monitored?

The Challenge of Cooperation

Over the weekend, three stories crossed my desk that got me thinking about the challenge that Art Coviello issued to the security industry in his RSA Conference 2012 keynote: to forge a “collective resolve” to stand together against “a host of adversaries who threaten our very trust in the world’s digital economy”. The first of [...]

Big Votes in the House on Cyber Security Legislation

When the House Republican Cybersecurity Task Force released its recommendations last October, U.S. Representative Mac Thornberry (R-TX), the Chairman of the Task Force said that the time had come for the U.S. Congress to act on cyber security legislation. In a blog post on October 11th, 2011, he stated: “We simply cannot allow legislative gridlock to continue on this issue. And we cannot let the quest for the perfect cyber bill prevent a good one from passing.”

Best practices for meeting new Breach notification for EU Directive Part 2

In February I talked about the key aspects of the proposed changes to the EU Data Protection Directive. Breach notification within 24 hours (where possible) is one of the proposals. So, how do you prepare to meet this aggressive timeframe and what security management tools and processes do you need to implement?

Geolocation and Privacy – Oil and Water?

Geolocation has been talked about a lot in IT circles in recent years. It’s one of those terms that means different things to different people, so it could be storing data in a particular place or it could be tracking some data or tracking an identity (person or machine). Scott Charney, Corporate Vice President, Trustworthy Computing at Microsoft discussed the concept of geolocation in his keynote. He used an interesting example of using GPS and tracking an individual and the types of data that can be obtained by doing that.

Are Global Cloud Service Providers going to shy away from Europe?

Today’s security standards are based on historical, legacy information technologies and don’t necessarily address Cloud Computing environments in an effective manner. Attempts to update them are an improvement, but will be able to create a single or limited number of standards that will be viable across all borders and jurisdictions. So, it’s no surprise that the Cloud Security Alliance Summit at RSA Conference had a panel discussion on this topic. The panelists were Marc Crandall from Google, Baber Amin from CA, Chris Wysopal from Veracode and Ashvin Kamaraju from Vormetric.

Geeks With Guns: Obama’s New Defense Plan Invests In Cyber Capabilities

“In silent bars, in silent rooms, in silent cars, you hide where you can. And me, I know just where you are, you see, I’m a bomber man” - From Bombers by Gary Numan

This week President Obama released his plans for a “leaner” military. There has been a lot of debate about whether or not this [...]

Operation Swiper (No Swiping!) and EMV Migrations

Recently we saw a major indictment of 111 individuals from an “identity theft operation” based in Queens, NY. I suppose we will learn more details as the prosecutors make their case, but from the original reads it looks more like a counterfeit credit card operation versus a full identity theft operation. One key difference between the two is someone using your identity to open new lines of credit as opposed to just capturing your card data and making a duplicate to go on a shopping spree.

National Cyber Security Month: Already Several Notable Developments on Federal Cybersecurity Policy

Well, we are nearly halfway through another National Cyber Security Awareness Month and there have been several important developments on cyber security policy issues emanating from our nation’s capital city.

Policy & Security Don’t Always Mix

“Some civil servants are just like my loved ones. They work so hard and they try to be strong” – From Don’t Worry About The Government by The Talking Heads

Have you ever had this experience? You’ve gotten in a cab and try to tell the cab driver specific directions or routes you want to take [...]