All of these recommendations will require an enterprise to truly understand the nature of their BYOD estate. I fear a lot of organizations are under so much time pressure that BYOD has been implemented by stealth and not as part of the overall Security program. But the quicker you can gain control of the reigns puts you in a much stronger position to implement a comprehensive BYOD program.
I have worked on mobile security strategy for RSA for the last two years now, and during that tenure the market continues to evolve and move at a rapid pace, which no doubt is putting more stress and uncertainty into the minds of security professionals. But, just the other day I saw a graphic in Computerworld that really summed up the entire mobility movement. Take a look:
Sorry about that, I knew the title would pull you in…but what I have to say will, in the end, support the headline. The reason for the showmanship is that if the title had been “End User Training and Awareness is Important” or “Training End Users Will Help Your Bottom Line” you may not have [...]
The SOC analysts’ goal is to hunt for malware, rogue insiders, misplaced sensitive data, advanced attacks, and other threats on a huge enterprise network terrain and help to guide-in colleagues to execute the digital hunt. Successful SOC analysts do this by leveraging their experience and their understanding of sensitive corporate systems and data, and by constantly surveying their environment, looking at tracks (logs), keeping in contact with the global security community (via various feeds and Websites), and even using a form of video surveillance (full network packet capture) to see where the “animals” are lurking, in as close to real-time as possible.
In this modern world where information is one of the most, if not the most important assets an organization can have, CISOs are tasked with preventing attackers from coming into their networks and stealing sensitive data. In order to do that, they arm themselves with an assortment of security tools, products and services used to secure these networks, protect information and mitigate the various threats to it. However, while these solutions grow more sophisticated, so do the challenges of the modern world CISOs face.
Hospitality and transportation have amazing access to PII (Personally Identifiable Information) for wealthy individuals or at least people with sufficient savings to travel and also to lucrative, high-limit pockets of corporate cash. Given that most people who travel are by definition anomalous spenders (e.g. you spend $300 on a night in San Francisco and then $500 in Tokyo the next day), anomaly detection is typically not as effective as it could be and requires tuning and adjustment to a subset of the population rather than normalizing with the largely more sedentary population.
In this ZeusiLeaks file I’ll talk about how fraudsters tap the communications of a company’s executive board – the holy grail of inside info. Quick reminder: WikiLeaks, the largest leak of data the world has seen? Nonsense! Trojans like Zeus and SpyEye lurk on millions of personal, corporate and government PCs, stealing data 24 by [...]
RSA GUEST BLOG POST by RSA’s Ian Farquhar: Many years ago, I came across a comment in a support call log which concluded “Fault isolated in Layer 8.” I asked for clarification. “User error,” I was told smugly, by the call log’s author. I also remembered an old acronym from more than a decade before: PICNIC. “Problem In Chair, Not In Computer.”
Earlier this Fall, I was a panelist on a CFO Magazine webcast on “Data Security and Liability”. One of my colleagues on that panel, David Allred from Zurich Technology Insurance Services, remarked towards the end of the webcast that over the next 10 years, insurance policies against liabilities and losses resulting from a data breach will become as common as fire and other standard insurance offerings. That got me to thinking about the complementary and conflicting roles of insuring and ensuring against data breaches.
…corporate secrets comprise two-thirds of the value of a firms’ information portfolios. Despite increasing mandates, custodial data assets aren’t the most valuable in an enterprise. Proprietary knowledge or secrets are twice as valuable as custodial data, and its corporate secrets that help organizations generate revenue, increase profit and maintain a competitive edge. On the other hand custodial data is what is typically entrusted to an organization to protect and regulatory mandates apply to this type of data.