security

Delivering Convenient and Secure Access to the Modern Workforce

In the relatively quick journey from don’t-even-think-about-bringing-your-own-device to please-absolutely-bring-your-own-device, identity management has experienced some dramatic transformations. And it’s still evolving now, as security policy continues to move away from limiting user options and toward expanding them. Organizations haven’t taken long to come around to thinking that giving users more ways to access the resources they…

Metrics (Not Just Fun Facts!) Are key to driving a Business-Driven Security™ Strategy

Dave Gray & Azeem Aleem “What’s Measured Improves” Peter Drucker It’s mid-2017 and we have already witnessed the conundrum across organizations as the pressure of building a more efficient business creates loopholes for cyber criminals to gain an advantage. In a previous blog we talked about the traditional perimeter melting away and how the “not…

Defining Business-Driven Security™ for the Modern Enterprise

As I travel around the world and meet with CISOs and security teams, I continue to be amazed at the organizational disconnects around managing cyber risk. Security Operations and Identity & Access Management teams operate their own business processes with very few connection points. Security and Risk & Compliance teams have different world views of…

Disruptive Innovation

Innovation is a continual process, building upon the past to improve the future.  Often this means small, incremental steps that chip away at a larger problem.  Sometimes, by accident or design, those changes aren’t so small.  These massive changes are a disruptive innovation that can redefine what is possible. It used to be that the winner…

How Security Poor Are We?

We at RSA recently released the results of our NIST CSF inspired Cybersecurity Poverty Index. In some ways the results weren’t surprising and in other ways they were. What wasn’t surprising, although certainly depressing, was the overall result that nearly 75% of survey respondents reported that their organizations lacked the level of maturity (using the…

Teaching Analysts to Fish; How to Become Better at Detection and Response – RSAC 2015

Daily the media replays stories of yet another company that is the victim of an intrusion or breach. With all this attention, and sometimes hyperbole, are we as practitioners improving at detecting malicious activity inside our networks? Regardless of the size of your company and its vertical or horizontal markets, your network may become the…

How do you define Security?

When I chose information security as my profession, it was a conscious decision.  I felt compelled towards the technology and the fascinating challenge of securing a shifting, metamorphic ecosystem.  When we think of the term “security,” in our technology context today, immediately we conjure up images of putting up walls, defenses and traps to keep…