business driven security

Breach Response: Mitigating an Outbreak

By Azeem Aleem, Gareth Pritchard and David Gray, RSA Advanced Cyber Defense
It’s mid-2017 and the news is alight with yet another alarming cybersecurity attack. A new strain of a malware variant, which on first analysis looks very similar to a previously reported malware strain called “Petya” (ransomware armed with the EternalBlue exploit amongst other…

What Really Led to WannaCry?

Much of the focus on WannaCry has been on how it works and what organizations need to do in the near term to recover. It’s important, however, to take a step back and ask ourselves why WannaCry became such a tour-de-force in the first place. After all, the security community has been talking about concepts…

What Your Business Can Learn from WannaCry

The biggest cyber attack began last week, spreading to more than 150 countries and infecting 200,000 machines. The outbreak is a ransomware threat, WanaCrypt0r 2.0 also known as WannaCry, with worm-like capabilities leveraging an exploit against vulnerable Microsoft Windows® operating systems. Ransomware mimics the age-old crime of kidnapping: someone takes something you value, and in…

YIN AND YANG: TWO VIEWS ON IAM – NATURE OR NURTURE

By Steve Mowll and Chris Williams
Question: When it comes to the complexities of identity management, is what we try to do in identity management the problem or is it just inherently hard?
Point: We might be making it harder than it needs to be. Setting complex requirements may affect long-term suitability and success. Chris…

Chasing the Rabbit: Cybersecurity Through the Camera Lens

Azeem Aleem and Dave Gray
“Nothing will work if you are not serious about it” – Sam Abell
This blog is intended to take a different perspective (pun intended) of how we view our security platforms and how to go about rationalizing our Business-Driven Security™ decisions about cyber threats and mitigation strategies. It all comes…

Is the cyberworld doomed to be unsafe forever?

Before seeking an answer, let’s question the question. I recently returned to the cybersecurity industry and (re)joined the good fight to secure the cyberworld. As the digital era unfolds, it feels good to be part of this mission-driven industry to help create a safe digital future. While a lot has changed, and there have been great…

Fraud Management Metrics that Drive Investment

If your role is responsible for a budget, your work ultimately revolves around one word: metrics. It is a word we often dread, because we can never seem to get it right. I live and breathe metrics in marketing, and if you are the gal or guy responsible for the fraud management or cyber security…

What do RSA Conference 2017 and my DVR have in common?

Another year, another RSA Conference. At this point, I have lost count of my appearances at this annual gathering of all things security – I believe it was number 15 or 16 for me. I say “appearances” because the days blur into such a steady stream of meetings, discussions and general sensory overload that at…

Business-Driven Security™ to Lead through Chaos

My last post discussed the changing nature of security. The impact of today’s cyberattacks isn’t limited to stealing financial information or personal data. Instead, these attacks seed chaos. With this reality at hand, the need for business-driven security is even more pronounced. Security professionals must draw connections between the technical details of a security incident…

Leading in an Era of Chaos

Consider… American Authorities are confident that the Russian Government was behind the cyberattack on the Democratic National Committee. Did that attack change the course of the U.S. presidential election? We’ll never know. But it definitely changed the discourse that followed. The idea of a foreign power mounting a cyberattack to undermine a U.S. election went…