Blog: RSA Fundamentals

Elevate your organization’s cybersecurity and GRC maturity with best practices from a global leader in both disciplines.

  • 10/5/2016 - Your Step-Up Authentication Compass... NIST & SMS - Finding North - Part 2 Authored by Greg Dicovitsky, Principal Solutions Architect, RSA In its recent solicitation for comment regarding its latest recommendation, the National Institute of Standards and Technology (NIST) has informed the public of its intent to eventually discontinue its recommending the use of Out-of-Band (OOB) Short Message Service (SMS) technologies to support the authentication of e-Commerce applications. [1]...
  • 8/15/2016 - Your Step-Up Authentication Compass... NIST & SMS - Finding North An estuary is the area where a river meets the sea (or ocean), where fresh water from the river meets salt water from the sea. The fresh draft of the NIST Digital Authentication Guidance (NIST SP800-63B) has been let loose into the salt waters of the public and certainly provoked some conversation of late around...
  • 10/7/2016 - Your SaaS Cloud Provider Does An Awful Job At Implementing SAML And That's Totally OK The SaaS provider you just selected claims SAML compatibility? That’s awesome for you! This will enable you and your users to use this new service in a much more secure and user-friendly way. Imagine the pain if there was one more user ID and password to manage. But you know what? “SAML compatible” means very little...
  • 5/9/2017 - Your Cell Phone has a dirty little secret it does not want to tell you If you are a fan of the CBS Show 60 Minutes you may have seen a couple of well-done episodes around the espionage and intrigue of spies hacking cell phones. The problem is that these episodes don’t go far enough informing the average user as to the extent of the vulnerabilities. Inter-telco communications leverages a protocol...
  • 10/18/2016 - Why a Cyber Risk Assessment Is Essential for M&A Due Diligence According to J.P. Morgan, the global mergers and acquisitions (M&A) market amounted to $5 trillion in 2015 and continues to show strong levels of growth. When it comes to M&A, the due diligence process involves investigating the health of another business before engaging in any sort of transaction. This process will take many factors into account,...
  • 3/16/2016 - Why Marketing, HR and Finance Should Have a Bigger Say in Your IDaaS Strategy than You May Think My colleague Darren Platt recently weighed in on the undeniable upward trend of organizations moving toward Identity as a Service, or IDaaS. While only 15% of organizations report having a cloud-based pure play for their identity solutions, more than 55% are saying they have a mix of cloud and traditional. Cloud-hosted identity solutions appear to...
  • 1/27/2016 - Who to Trust? Effectively Assessing Third-Party and Vendor Risk assessing third party risk
  • 10/14/2016 - Where Is My Cybersecurity Rosetta Stone? This week’s theme for National Cyber Security Awareness Month is “Cyber from the Break Room to the Board Room.” Communication, like anything else worth getting better at, takes practice. Sometimes it takes planning to know what we want to say and how we want to say it. We also need to anticipate who our audience is...
  • 3/7/2018 - When Identity Governance Gets Tough, the Tough Get Help Identity governance can be hard. Recommended practices make it easier.
  • 4/20/2017 - What's Really at Risk With Reputation Risk When boards express anxiety about cybersecurity risk, one of the foremost fears they face is reputation risk. Why is that? Because cybersecurity failures do cause reputation damage, and reputation risk is scary. A security failure can immediately bring unwelcome headlines, hits to the share price and probing questions from business partners. Security failures can also...
  • 10/29/2018 - What Skiing Taught Me About Managing Digital Risk: Be Prepared Successfully managing digital risk is all about being prepared.
  • 2/13/2017 - What Peanut Butter Cups Can Teach Us About Fraud Prevention Reese’s® Peanut Butter Cups are a “so-good-it-has-to-be-bad-for-you” treat adored by candy lovers everywhere. The combination of peanut butter and chocolate is such a classic it’s hard to remember there was a time no one thought about putting these two together. In fact, Reese’s built an entire advertising campaign around the odd couple concept. The original...
  • 1/24/2018 - Weaving Resiliency Into The Fabric Of Your Organization True business resiliency is built on four basic principles.
  • 7/19/2016 - Wearables leaking your passwords? We can solve that. Recently, I wrote about a newly published white-paper showing the power of wearable devices to help determine if users are who they claim to be, on a continuous basis. The paper describes a method, which in part relies on correlating a user’s gestures and movement on 2 devices in proximity of each other: The user’s...
  • 7/10/2018 - Watch the (Privileged) Watcher Detect malicious insiders with UEBA
  • 1/31/2018 - Using Business Impact Analysis Results To Build Resiliency Learn where your priorities for business resiliency lie with a BIA.
  • 6/28/2018 - UEBA and Evolved SIEM – Foundations of the Intelligent SOC UEBA. SIEM. Find out what these technologies mean to your SOC.
  • 6/3/2016 - Two-Factor Authentication Is a Must for Mobile For the past few decades, two-factor authentication has been used by businesses to enforce entitlements to access sensitive corporate applications and data. It provides an extra layer of security beyond username-and-password authentication mechanisms, which are notoriously insecure and burdensome for users to remember. Now, as the use of mobile devices in the workplace increases, this...
  • 8/3/2017 - Turbocharge your Threat Detection and Response with Endpoint Data Much like the first internal combustion engine, SIEM needs a turbo boost.
  • 3/31/2016 - Transaction Signing, Meet Selfie Money-stealing Trojans be gone. When is the last time you logged into your online banking portal, made a payment transaction, and received a notification on your phone to validate the details of the transaction and tap approve? Better yet, when is the last time you had to use a physical hardware device to sign a...
  • 2/8/2016 - Time to track our issues again...feels like Groundhog Day In the 1993 movie, Groundhog Day, Phil (Bill Murray), an arrogant weatherman, is out to cover the annual emergence of the groundhog from its hole. He gets caught in a blizzard that he didn’t predict and finds himself trapped in a time warp. He is doomed to relive the same day over and over again until he...
  • 3/28/2016 - Threat Intelligence Sharing: Customized Solutions to Challenges Threat intelligence sharing is a hot and sometimes contentious topic. While its necessity and justifications are generally known, there are legitimate reasons why sharing information on a large scale has been met with resistance. The Argument for Sharing When sharing intelligence, it is important to establish from the outset that combining best practices for security...
  • 1/20/2016 - Threat Intelligence Cooperation: Creating Shared Value The Value of Sharing Threat Intelligence
  • 12/12/2016 - Threat Detection: What Goes Into a Successful Strategy? The cat’s officially out of the bag when it comes to threat detection: The majority of the industry simply isn’t satisfied with its current solutions. In fact, 76% of respondents in a recent RSA survey indicated that they were not confident in their ability to detect and investigate threats to their environment. Where did matters...
  • 2/11/2016 - Threat Detection Benchmark Part 1: Uncovering Threat Vectors When it comes to securing modern IT environments, your strategy hinges on your ability to detect threats. Unfortunately, organizations often rely on only a few sources of threat detection data to provide a foundation for their security strategy, which leads to inadequate visibility and, in turn, greater risk. In Part 1 of this threat detection...
  • 5/4/2016 - Third and Fourth Party Risk Management: Access-as-a-Risk By now, we all know that vendor engagement is key to business sustainability. Organizations cannot focus on their core business without outsourcing non-critical functions to third parties. From a 20,000 foot view, third party management becomes an operational activity governed through contracts, engagement analyses and effective risk management. Where organizations fall short is in implementing...
  • 2/12/2016 - The Wheel of Suffering: Don't Be a Jerk to Your Future Self Findings. Defects. Whatever you call them, your organization’s security posture is full of them. At RSA, we use the umbrella term “Issues Management”. So many organizations handle their vulnerabilities, misconfigurations, failed controls, and policy and process gaps the same way: the hard way. The hard way is the reactive way, the just-in-time way, and the...
  • 9/2/2016 - The Value of Transaction Risk Analysis for Consumer Authentication The recent consultation paper set forth by the European Banking Association (EBA) surrounding the call for comments on the regulatory technical requirements for strong customer authentication under PSD2 has created a buzz.  In particular, while the EBA recognizes the “merit” of transaction risk analysis, it has called into question the ability to allow it “as...
  • 10/6/2016 - The Role of Money Mules in New Multi-Million Dollar Scams I have written previously about CEO fraud where employees receive an email which appears to come from a company executive directing them to erroneously wire money to an overseas bank account. Now, fraudsters are redirecting their efforts to a new internal target: accounts payable. According to IBAN, the scam works this way: The fraudsters intercept emails or compromise...
  • 4/12/2018 - The Role of Identity in GDPR Compliance How identity management can help protect access to personal data
  • 11/7/2017 - The Role of Choice in Consumer Authentication Consumer security is at the heart of every business’ digital strategy.
  • 9/20/2016 - The Realm of Threat Intelligence - The Logs are dead; long live the Logs! In the previous blog post we looked at Network Packets (PCAP’s) and how they can be utilized within a SOC environment. In this post we will build on this and take a look at Logs (which most of the security sales staff will now tell you that it is going to solve all your security...
  • 9/27/2016 - The Realm of Threat Intelligence - Journey from the past into an Advanced SOC Using Intelligence to gather information on your adversary is not a new concept, Military and Government Agencies have been involved gathering information to use against their opponents since the days of Sun-Tzu and Chanakya. Cyber Intelligence has also been the domain for Government agencies like the UK’s GCHQ and the US’s NSA for many years;...
  • 9/13/2016 - The Realm of Threat Intelligence - It's all about the Packets, or is it? Full Packet Capture (FPC), those three little words are enough to make most security analyst salivate at the prospect of finding and detecting attacks. Back in the days before anyone realized that you could build an Intrusion Prevention System to actually stop attacks, the Intrusion Detection System was king. If you were very lucky you...
  • 10/3/2016 - The Realm of Threat Intelligence - Attack Scenarios and Use Cases The three previous blogs in this series have covered Packet Analysis, Log Analysis and Threat Intelligence; this final article aims to bring all of this information into one cohesive solution for any SOC or Cyber Defence organisation. For further reading on this subject please see our presentation at last year’s RSA Conference in Abu Dhabi...
  • 1/30/2018 - The RSA Archer Business Risk Management Reference Architecture Business Risk Management requires an integrated, strategic approach
  • 8/29/2016 - The Perils of Consumer Single Sign-On From social media to gaming sites, every headline of a new breach makes me groan, “Time to change my password.”  It’s a begrudging task, but I still have not been pwned.  Aside from the risks associated with the common problem of password recycling among consumers, there are far too many online websites that enable consumers...
  • 4/3/2017 - The Latest From The RSA NOC At Black Hat Asia When sitting in the Network Operations Center (NOC) for one of the world’s largest hacker and security conferences, sometimes no news is good news. Here in the Black Hat Asia NOC, we anticipated and prepared for the region’s hackers to come and share a wireless network. Following initial set-up, during the training days, we observed...
  • 5/7/2018 - The Journey to an Intelligent SOC Find out how to build your roadmap for maximum impact.
  • 4/27/2016 - The Industrialization of Cybercrime: Driving Innovations in Security If you compare the world of cybercrime now to that of 10 years ago, there really is no comparison. Whether one measures its impact through estimated profits – which some estimate as now surpassing those of the profits for illegal drugs – or from the scale, scope, and sophistication of available “black hat” services and...
  • 3/17/2016 - The Importance of Context in an Incident Response Plan Effective incident response is essential to minimizing the impact of a security incident and allowing the organization to return to normal operations as soon as possible. To this end, an incident response plan will ensure actions can be taken in a coordinated, controlled manner. However, a one-size-fits-all incident response plan is unlikely to be effective....
  • 11/19/2018 - The Hacker Wish List What are hackers adding to their holiday wish list this year?
  • 2/15/2016 - The Financial Fraud Effect of Real-Time Payments Several weeks ago, I published an article which provided a summary of the Australian Payments Council’s Australian Payments Plan.  This plan is designed as a strategic roadmap for the future of Australian payments, specifically the initiative around the New Payments Platform, or NPP.  In short, the NPP is going to introduce the ability to send funds in real-time via online banking as a...
  • 3/31/2016 - The Essential Role of Forensics in Computer Security Every organization, no matter its size or line of business, should assume it has either been or will be breached. When it comes to responding to an incident, organizations need to realize that time is of the essence. For this reason, forensics in computer security is a growing discipline. However, according to a survey by...
  • 9/26/2016 - The Era of Proportional Ransomware Has Arrived According to the FBI the incursion of ransomware has just gone from bad to worse. In a recent alert, the U.S. Federal Bureau of Investigation (FBI) warned that recent ransomware variants have targeted and compromised vulnerable business servers to identify and target hosts, thereby multiplying the number of potential infected servers and devices on a network. More...
  • 2/20/2018 - The Black Swan: Mitigating Cyber Attacks Within ICS Environments Learn how to mitigate cyber attacks in an ICS environment
  • 4/8/2016 - The Access Tug of War While contemplating the user access management struggle between easier access and more security my mind goes back to the Tastes Great / Less Filling Miller Lite commercials of my childhood. Miller Lite claimed to be the solution to both great tasting and less filling beer. In access management, users want easier to use applications with easier access....
  • 10/3/2017 - The 5 P’s for Incident Response What does Punching, Practicing and People have to do with Incident Response?
  • 1/17/2017 - The $5 Billion Fraud Problem When explaining my profession to people I meet, they often tell me about the time their card was “frauded.” I always enjoy this conversation, as it provides insight into the human victim element of a fraud event. The breadth of emotions typically ranges from, “How did this happen and how do we track down the...
  • 3/27/2017 - Testing a Threat Pattern: Quality is Never an Accident John Ruskin, one of the great visionaries of the 19th century, said “Quality is never an accident; it is always the result of intelligent effort.” In our continuing journey through the lifecycle of a threat pattern, we are now at the testing phase. After analyzing requirements, asset and threats, designing a general and reusable model for the threat pattern and implementing the...
  • 4/18/2018 - Technology for GDPR Compliance: Turning Plans into Action Strategy and technology go hand in hand in the quest for GDPR compliance.
  • 1/18/2016 - Taxpayers Beware: Phishing and Other Scams Coming to an Inbox Near You The phone rang. My first mistake? Answering it. My second? Listening to the well-scripted gentlemen relay the following information: “Hello Ma’am” announced a voice with a distinct, almost halting South African accent, “I am calling from the IRS in Washington D.C. and you owe us money. If you do not send me a wire transfer...
  • 1/25/2018 - Tax Phishing Scams to Watch for in 2018 Don’t get hooked by the latest tax phishing scams.
  • 8/18/2016 - Tales from the BlackHat NOC: Learning from the right people The week I spent in the BlackHat NOC was great exposure to both new and evolving technology and new people. As a team member of the RSA team in the BlackHat NOC I tried to approach my time there by learning as much as I could about not only the data on the network, but how our products function...
  • 11/3/2016 - Tales from the BlackHat NOC: Fish and Chips Edition We’re in the first day of training at Black Hat Europe 2016, and once again – the RSA Black Hat NOC team is volunteering. This round, we’ll have more full packet capture, log analysis, session reconstruction, and analytics for both the wired and wireless networks provided by RSA NetWitness. Except this time, there is one difference (besides...
  • 8/17/2016 - Tales from the Black Hat NOC: The Stages of Security Adolescence (Part 2) In Part 1 of “Tales of the Black Hat NOC: The Stages of Security Adolescence,” I discussed the maturation process of the Black Hat NOC, and security strategies in general.  In the blog post below – you can see the adjustments we made and additional steps we took towards optimizing our NOC at Black Hat. ...
  • 8/10/2016 - Tales from the Black Hat NOC: The Stages of Security Adolescence (Part 1) RSA's Scott Carter asks: How do you secure a rapidly changing environment that you don't understand?
  • 7/31/2016 - Tales from the Black Hat NOC: I'll Show You Mine, We Can Already See Yours With the start of Black Hat 2016 merely a day away, white, black, and grey hats from around the world are whetting their appetites – eagerly waiting to show off and consume the fruit of an entire year’s research. Whether for education, research, bragging rights, or mal-intent, the Black Hat network will host anything from basic brute force attacks to...
  • 11/4/2016 - Tales from the Black Hat NOC: Finding Mr. Robot? The most significant part of Black Hat Europe 2016 finally started, and as expected – we are watching the arrival of smart security experts, who have come to the event to exchange information or show off their latest tools and products. While it’s hard to say what kind of skilled “hackers” we can expect during last...
  • 8/3/2016 - Tales from the Black Hat NOC: Attendee Attacks, Loud and Proud We are approaching the end of Black Hat‘s training days. It’s an interesting time when the expo floor still sits quiet, but the Black Hat network is as noisy as ever – as seen by the RSA volunteers working inside the Black Hat NOC. The majority of this noise is being generated by teachers and students, demonstrating...
  • 11/9/2016 - Tales from the Black Hat NOC: Are We Broken? Walking through the expo hall at Black Hat Europe was uplifting – if the vendor booths were to be believed, APT’s can be stopped in their tracks, Ransomware protection can be guaranteed, and phishing can become a term applied to lake activities again. All it requires is buying this tool! It made me wonder why people...
  • 8/4/2016 - Tales from the Black Hat NOC: What's In Your Classroom? Hanging in the NOC the last couple of days has confirmed one thing. Creation of content to support an information security program is an ongoing process.
  • 2/3/2017 - Super Bowl "Digital Deflategate" is Not Just Air When we think of large entertainment venues and events, it’s not just ticket fees and concessions anymore. Sporting is entertainment and this year’s Super Bowl LI (51) is one of the most complex, technologically orchestrated events in the world; ranging from tablet-based play books to RFID wearable sensors on players sending real time performance data...
  • 1/3/2017 - Slow Down! You're in a Public Environment These days, if you’re planning to spend time at an airport terminal or a coffee shop – it’s likely that you’ll look for a public Wi-Fi hotspot to connect to, and perhaps a charging station, to make sure you don’t run out of power. While our distraction level is  high when we’re out and about...
  • 10/11/2016 - Six Steps For Cybercrime Survival While recently cleaning my grandfather’s attic, I came across an old Federal Civil Defense Administration brochure titled “Six Steps to Survival – If an enemy attacked today would you know what to do?”  In our modern times, many of us are being attacked on a daily basis by cybercriminals. As such, do you know what...
  • 3/30/2017 - Six Keys to a Successful Identity Assurance Strategy: Business Context Traditional authentication solutions require a trade-off between security and usability, often deployed with a “one-size-fits-most” strategy. Today’s enterprise needs more to effectively protect critical applications when delivering access in a world without boundaries. By applying a risk-based approach to our authentication strategy with identity assurance, we can go beyond simple authentication approaches. We can deliver...
  • 4/10/2017 - Six Keys to Successful Identity Assurance Strategy: Anomaly Detection In granting access to users, understanding their behavior goes a long way towards providing frictionless security. As part of our blog series, Six Keys to a Successful Identity Assurance Strategy, we continue to explore going beyond simple two-factor (2FA) or multi-factor authentication (MFA) to create a successful identity assurance strategy for your organization. Previously, we...
  • 4/17/2017 - Six Keys to Successful Identity Assurance - Machine Learning In our last discussion on the six keys to an identity assurance strategy, we talked about anomaly detection. In that blog, we discussed recognizing normal and abnormal behavior. Recognizing this behavior, and adapting to changes in that behavior, is where the topic of this blog starts as our next key component of an identity assurance...
  • 5/15/2017 - Six Keys to Successful Identity Assurance - Flexible Authentication So far, we’ve discussed the first five keys to a successful identity assurance: business context, anomaly detection, machine learning, broader ecosystem, and consistent experience. Let’s close the series with an important topic for both end users and administrators: flexible authentication. Administration Flexibility When we think of providing flexibility for administrators, we focus on the authentication...
  • 5/3/2017 - Six Keys to Successful Identity Assurance - Consistent Experience In previous blog posts in this series, we talked about many ways to intelligently determine the right level of assurance for users gaining access to specific resources. While much of the goal is to minimize interruptions in the user experiences for authentication, there are many times when the user needs to interact in some way...
  • 4/26/2017 - Six Keys to Successful Identity Assurance - Broader Ecosystem Earlier in this blog series, we discussed anomaly detection and machine learning focusing primarily on examples that included information you could expect to be available from the system that provides your identity assurance. It’s likely, however, that there is much more data that can be leveraged for making system access decisions in your current IT...
  • 5/27/2016 - Security at Scale: Making Security Analytics Work for the Internet of Things This year more than 10 billion devices will connect to networks around the world. And in the next few years, that number will increase by over an order of magnitude. With the veritable explosion of smart devices, many of which connect not just to the network, but to each other, significant security concerns arise. Despite...
  • 5/5/2017 - Risk Is a Reality, Make Sure Rewards are Too Return on investment. Total cost of ownership. Productivity gains. Payback period? What am I – a financial wizard or a risk professional? If you are in the risk management profession today, you have to be both. Being a top notch security guru that can navigate SQL injection code or rattle off the NIST 800-53 control...
  • 4/21/2016 - Risk Intelligence Reveals Opportunity for Competitive Advantage Risk intelligence measures an organization’s understanding and implementation of risk management strategies, which are essential to gaining a competitive advantage in any industry. However, after indexing nearly 400 organizations, RSA concluded that less than 10 percent of companies have a risk management strategy that is mature enough to be considered “advantaged.” This signifies that 90...
  • 4/26/2016 - Risk Appetite Limbo The Financial Stability Board (FSB), an international body that monitors and makes recommendations about the global financial system, published “Principles for An Effective Risk Appetite Framework” in November 2013.  Regulations were finalized around these principles by some regulators including the Comptroller of the Currency in 2014.  Although the genesis is FI-related, there are a lot...
  • 11/28/2018 - Rise of the Machines: A New World of Identity Governance Identity governance helps manage the risk robots and IoT devices present.
  • 11/2/2016 - Revisiting the SOC Structure Building and maintaining skill sets and expertise in a SOC is a difficult task – and many security leaders face this challenge. They are not able to retain best of the talent for long term. There are too many tools for them to invest in, too many alerts that pop up when the tools are...
  • 4/6/2017 - Resiliency and Risk Management I’m glad the world didn’t end during DRJ Spring World 2017 conference as more than 1,000 of the world’s business continuity and disaster recovery specialists were there! It was a great conference and I had the pleasure of presenting on building resiliency across the organization’s value chain, and the key relationship between business resiliency and...
  • 3/10/2016 - Reducing The Noise Today, enterprise infrastructures are borderless and are generating more data than ever. Coupled with the fact that more and more breaches are happening every year, it’s not a matter of “if we get breached”, it’s “when we get breached.” Organizations not only require a team of skilled security professionals, but also advanced security controls to detect and respond...
  • 4/25/2016 - Reduce Fraud and Abandonment with a Risk-Based Approach to Online Sales Sooner or later every business with an online presence is plagued by shopping cart abandonment. Sometimes a consumer changes their mind, factors in the cost of shipping and decides it’s not worth it, or is simply distracted long enough so the transaction is never completed. Getting a consumer to follow through is not as easy,...
  • 10/20/2016 - Recognizing and Combating Cybercrime: A Virtual Chat The goal of cybercrime doesn’t change, but the tactics do.  This week’s theme for National Cyber Security Awareness Month is Recognizing and Combating Cybercrime.  One of the questions to be addressed is: What are cybercriminals looking to gain from attacks? With the impact of cybercrime costing the global economy about $445 billion in 2016, which is more than the market...
  • 7/17/2018 - Realize the Significant Business Value of Identity Governance Have you delivered £7 Million in cost reduction to your business recently?
  • 6/28/2017 - Ready, Set, Authenticate: Why You Need RSA SecurID Access to Win the Race There are times when trying to put together an effective authentication strategy feels like competing in track-and-field events. Business and IT are supposed to be on the same team, but far too often seem to be racing toward completely different goals. Sure, it’s important to get to the finish line fast, but not at the...
  • 3/4/2016 - Ransomware Rules for Payment: Do Extortionists Have the Advantage? When an entire health system fell prey to cybercriminals and medical records were locked up by a ransomware attack in early February, there seemed no choice but to pay the sum demanded in order to avoid the impact on patient care: $17,000 in 40 Bitcoin.   And in that single moment, one hospital became the obligatory...
  • 2/4/2016 - Ramping Up Security Monitoring of Public Clouds It is no secret that organizations are increasingly placing their security sensitive applications and data into the hands of public cloud service providers, whether via SaaS, PaaS, or IaaS-based cloud infrastructures. But what does this mean for an organization’s security monitoring program, namely their security focused detection, investigation, & response capabilities?  How can an organization’s...
  • 3/29/2017 - RSA NOC at Black Hat Asia
  • 1/19/2017 - R-Evolution: The Evolution of Risk Ten years ago, when a user needed to access a corporate application, his or her usage was on a company-owned device and typically confined to company-owned networks. These applications were nicely tucked behind corporate firewalls, and managed by dedicated IT organizations. To identify themselves, users would often enter complex, lengthy passwords when accessing such resources,...
  • 3/26/2018 - Quantifying Financial Risk Exposure to Cyber Attacks Cyber Risk Quantification is the new responsibility for CISOs.
  • 2/21/2018 - Providing the Visibility Business Resiliency Teams Rely On See your way clear to business resiliency with real-time visibility.
  • 11/30/2017 - Protecting privileged user credentials with integrated MFA Put MFA where you need it most—at the point of privileged access.
  • 10/10/2018 - Protect Your Network Detect advanced attacks with network detection and response.
  • 2/7/2018 - Process Improvement Models and Business Resiliency Resiliency rests on three little words: business process improvement.
  • 10/17/2017 - Privacy, Resiliency, Flexibility – Where are they on your Risk Radar? Why should these be blinking bright red on your risk radar?
  • 10/3/2018 - Prepare for PSD2: Understanding the Opportunities and Digital Risks Understand the PSD2 technical requirements and how to prepare to address them.
  • 8/19/2016 - Playing Pokemon Go? Read this. Hands up those who would leave their front door unlocked and all their personal information like passports, identity cards, bank details, their children’s details and even passwords left out for cybercriminals to exploit? Not many of you? Well, you will be surprised because that’s exactly what Pokemon Go players are doing.  If you sign up...
  • 7/15/2016 - Play Pokemon Go? Know the Risks and How to Mitigate Them Unless your home has been inside of a cave for the past week, you’ve certainly heard of Pokemon Go. Scratch that. Even if you have been living inside of a cave, chances are that someone inadvertently entered in hopes of locating Pikachu. While the game has become seemingly ubiquitous, you should be cognizant of some...
  • 9/22/2016 - Planning for a Breach Crisis If your company doesn’t have a crisis communication function and doesn’t have a breach readiness plan, in the event of a public security incident it’s highly likely the marketing department will be the one everyone looks at when the CEO says ‘now what do we do?’ How do we manage the media? What do we tell customers,...
  • 7/7/2016 - Part 4: Fundamentals of the Game - There is no intelligence without data After having identified the set of fundamental skills needed to set up a successful SOC, highlighted the importance of the alignment between SOC and business goals, and  understood how people, processes, and technology must work together for a SOC to be successful, we now investigate the next SOC fundamental skill: focus on data through visibility...
  • 1/21/2016 - Part 3: Fundamentals of the Game - People, Process and Technology Alignment The first post in the Fundamentals of the Game series listed a set of skills that characterize successful SOCs, just like the excellence in offensive and defensive fundamental skills characterizes the greatest players in basketball or any other sport. The second article provided details on one of these fundamental skills (established alignment between SOC and business...
  • 11/21/2016 - PSD2 and the E-Commerce Ecosystem Authored by Ian Newns The European Banking Authority recently drafted the latest Directive on Payment Services II (PSD2), which serves as the legal foundation for a cross-EU payments market.  In 2016, European e-commerce sales are expected to increase 17% to €183 billion and the use of payment service providers (PSPs) is increasing significantly. Couple this with...