Speaking of Security – The RSA Blog and Podcast

Whether its data that’s governed by regulations or vital to a company’s competitive advantage, every organization has information they’d like to protect from outsiders. One logical place to start when looking to protect this information is with a Data Loss Prevention (DLP) tool. But, what many companies struggle with is how to figure out what information is sensitive for different groups and how it should be handled. Everyone knows that there is highly sensitive data across the organization that needs to be protected, but how do business managers let the IT security team know what specific data needs to be protected?

Welcome to one of Speaking of Security’s newest blogs completely focused on security management, something we’re calling Security Management Insights or SMInsights for short. I am honored to author the initial post in which should be a highly active and thought provoking forum for dialogue related to the challenges facing today’s information security professionals. This is a team blog so you will benefit from hearing from a multitude of product managers from the products and solutions which comprise RSA’s emerging Security Management Suite. We continuously receive the opportunity to interact with customers and analysts and will use this blog to share insights about organizations’ security challenges and strategies.

The first principle I think is important to convey is that complexity and scale are inherent in many of the systems we build, and they carry with them risk that grows with size, complexity and scope. In fact, many systems grow to such an extent that they rapidly outstrip the initial design considerations, as is evidenced by obvious examples like Y2K and the need for IPv6.

Some good folks and I wrote a security brief detailing strategies for effectively evolving security operations in the face of escalating APTs. Rather than just put it out there, I thought it would be worth diving into why SOCS need to be more intelligent!

There has been a great deal of talk about making business processes more transparent. While I think gaining visibility across complex business operations or complicated IT infrastructures is a very important concept, I think there is another concept that is just as important yet is sometimes overlooked. When it comes to truly seeing something for what it is, the dimensions of an object allow us to more clearly define it.