Speaking of Security – The RSA Blog and Podcast

Security people are often viewed as gatherers. We gather security event data, collect logs for review, build documentation based on information about our environment, and group informational assets in like-valued groups to focus our defenses. I think we’ve got the gathering part down. It’s similar to our propensity to react. We may not be great at reacting (or more likely, we’re great at reacting at only a few things), but we get plenty of exposure to it.

Recently I was catching up on some RSS feeds1 and came across this interesting post from Trevor at ThreatSim entitled Fighting The Advanced Attacker: 9 Security Controls You Should Add To Your Network Right Now. After reading it, I had one of those “Ah-ha” moments where I looked at one of the recommendations and asked myself, “Why am I not doing that?”

It’s 2012 and the reality of 2011′s shifting security landscape should have set in by now. As much as many of you may want to go back to the days of worrying about Anti-Virus definition files, basic patching, and a single border firewall as the makeup of your entire security posture, its time to take a serious look at how you will plan your defenses for 2012.

This is part two in a conversation that I had with Ben Tomhave (@falconsview) last week over Twitter. What started out as a quick question about busting PCI myths turned into corporate responsibility. If you haven’t seen this article about a company who is facing massive penalties, give it a read. It will help set [...]

  Host Michelle Adams-Dixon talks with Liz Robinson, Senior Product Marketing Manager for RSA about tokenization – an up and coming alternative to more traditional means of data protection.

We’re well into the holiday season in the States, and that means that scammers are everywhere. With all of the holidays coming to a head this month, it’s Christmas for those scammers too. Here are several sites that can help you navigate scam from deal! As always, remember to be vigilant. Caveat emptor! If a [...]

The title for this post is only funny if you read it in the voice of Jules Winnfield asking Brett to describe what Marsellus Wallace looks like. If you can get in that mindset (I can’t link to it, you just have to get there on your own), then this will be more effective. Imagine [...]

If you have seen me speak over the last couple of months, there is a good chance you heard me talk about advanced threats, sometimes in the context of the RSA breach. Near the end of these talks I either flashed up a slide that had a checklist of things detailing changes we made, or [...]

And now, on to one of the biggest challenges we face while having information risk management discussions: What is the value of information? Information by itself doesn’t have tangible value. It’s value is subjective. Everyone has their own opinion, and many people manipulate the values to serve and twist their message. In fact, the only [...]

The uses and appearances of information technology has changed dramatically over the last ten years. And the ten years prior to that, and the ten prior to that. It’s amazing to think that the devices most of us carry around in our pockets are more powerful than some desktops twenty years ago, and more powerful [...]