-
I had the opportunity to make a quick, 3-day trip to the 2010 RSA Conference in San Francisco at the beginning of March. As predicted by several pundits, securing the cloud and virtualized infrastructures was a dominant theme at the show – from the keynotes to the Exhibit Hall. Everyone sees the...
Posted to Security Webb by Renee Bradshaw on Mar 16, 2010
Filed under: Security, Virtualization, Cloud Computing, RSA Conference, RSA 2010, cloud security, Enrique Salem, Symantec, Art Coviello, EMC
-
I attended the 2010 RSA Conference in San Francisco last week. As expected, one of the major themes resonating throughout the conference keynotes, sessions, and exhibit hall was the opportunity we have as security professionals to help secure increasingly virtualized and cloud-based infrastructures....
Posted to Security Webb by Renee Bradshaw on Mar 12, 2010
Filed under: Security, Data Breach, PCI DSS, PCI Standards Council, Compliance, RSA, PCI, RSA Conference, Verizon Breach Report, RSA 2010, PTS, PCI Standard, PA-DSS, Bob Russo
-
Looking back at RSA last week, I wonder if part of what drives the almost frenzied hype around cloud security is the pervasive and lurking fear in the mindset of all security professionals: I'm missing something really important, and it's going to come back and bite me. Part of the problem is...
-
I don't know what the next big security trend is going to be, but I can certainly tell you what a lot of vendors here at RSA are clearly hoping it will be: something with a cloud. There's clouds everywhere here at the show. It's like walking through some high-tech, noisy version of the afterlife...
-
In my last post I referenced my opinion that simply throwing money at problems isn't always the right approach. The subject came up again today in a discussion around how organizations approach risk management, and the way they look at outsourcing. The pressure to reduce costs, and the need to access...
-
Like most folks in the security industry, I'm hoping next week's RSA Conference will be interesting, enlightening, and generally worth the airfare over to sunny California. I read Jon Oltsik's post from Monday on his predictions for RSA, and found myself both agreeing and disagreeing in equal...
-
After my last post on human error, and how it contributes to significant data breaches, I haven’t been able to get the idea out of my head. It should come as no surprise that we have found that companies may have the best security tools and resources available, yet still experience large breaches...
Posted to Security Webb by Renee Bradshaw on Feb 17, 2010
Filed under: Security, Data Breach, PCI DSS, Insider Attack, Ponemon Institute, PCI Standards Council, Compliance, Secure Configuration Manager, Malicious, PCI, computer crime, non-malicious insider, malicious insider
-
We’re a few weeks into 2010 and I am interested in knowing how many of us have stuck to our overly optimistic New Year’s Resolutions. Has the gym membership already lapsed? Are you getting to work on time and not blaming fire, flood, or the family dog for your tardiness? It is human nature...
Posted to Security Webb by Renee Bradshaw on Feb 3, 2010
Filed under: Security, Heartland Breach, Heartland, CSI, Health Net, SQL Injection, 2010, InfoWorld, Malicious, Resolutions, Accidential
-
Next week I'll be speaking at the CSO Executive Seminar on Data Protection and Encryption in Washington, D.C. My presentation will focus on doing more with less in a time when security and compliance teams are stretched thin due to staff and budget cuts. I will touch on aligning security investments...
-
It’s that time of year; the auditors are out and organizations across the globe are assessing their security posture. To be compliant or not to be compliant… that is the question that auditors and security teams alike are out to answer. In the past, Active Directory has often been overlooked...
-
I thought this piece in BankInfoSecurity sums up nicely much of what I hear as being top of mind for security leaders these days. Specifically it's "how do I keep information secure?" and, equally importantly, "how do I support the business?" The second one often gets overlooked...
-
The latest CSI Computer Crime and Security Survey is available for download this month, and great reading it is. One of the more interesting trends is the prevalence of non-malicious insiders as a cause of losses: "Twenty-five percent of respondents felt that over 60 percent of their financial losses...
-
There are a couple of laws making their way through the halls of power at the moment. Senator Leahy's "Personal Data Privacy and Security Act" and Senator Feinstein's "Data Breach Notification Act". SC Magazine also has a little more on these two. Both aim to shine a little...
-
Just read this from BankInfoSecurity, on the class action suit against Heartland with respect to the breach that occurred last year. What I think is interesting is that the statement by Bob Carr regarding PCI compliance and security is now apparently being used as a proof-point that Heartland knew their...
-
We hear that phrase often when watching films or TV shows, and I'd be lying if I didn't want to say that myself at the office one day. Sadly though, I don't have a red phone on my desk with a direct line to the President. Instead, it's a digital phone. On my laptop, I can make calls using...