Monthly Archives: February 2012

New Security Services from EMC Consulting Enable Trusted IT

Trust is a big deal at EMC, and EMC Consulting announced five new services today to enable customers to build new levels of trust and control for next-gen IT infrastructures. I spent some time working with this group over the last couple of years and am quite excited with these new services. They are:
- Trusted Cloud Advisory Services build trust in an organization’s next-generation IT architecture.
- Information Governance Advisory Services enable the development of a cohesive approach to information governance. This is critical for an information-centric approach to information security.
- Governance, Risk, and Compliance Advisory Services identify, analyze, manage, and mitigate risks.
- Fraud and Identity Management Advisory Services help organizations cope with a complex, evolving threat landscape.
- Mobile Device Security ...

GRC in the NextGen Data Center

The new data center is service oriented and less focused on physical assets, relying instead on virtualized and utility computing that may or may not be on-premises. This makes GRC a bit more challenging, as the governance piece slips out of the direct control of the IT organization while compliance requirements grow both in number and in the sheer amount of evidence required to demonstrate your compliance. In order to have a healthy GRC function in your IT environment, you must have an IT GRC platform that can:
- Define IT policies and controls based on external and internal requirements
- Manage policy content
- Map policies to technical and process controls
- Evaluate IT risk
- Automate the auditing and regulatory reporting
Keeping in mind that ...

Trusting Identities in the Cloud

While next-gen IT and cloud infrastructure continue to grow in relevance and adoption, there are still some serious issues that have yet to be universally solved. One of those issues is the assertion of continuous trust in identities as they move around the cloud. RSA and Zscaler announced today a collaboration to deliver trusted access for cloud computing by jointly developing a cloud-based solution to provide that identity assertion. It will integrate risk-based authentication and identity federation from RSA’s Cloud Trust Authority and RSA’s Adaptive Authentication along with the inline web security capabilities of Zscaler’s Cloud Security service. Want more information? Stop by the RSA booth in the Expo hall!

Discover Your Security Persona at RSA Conference!

What an afternoon! We’ve learned about ninjas, trolls, unicorns, squirrels, and rockstars. One of these personas might just fit you perfectly! If you want to have a super-official assessment of your persona, come to the RSA Booth in the Expo hall and take our short quiz. Once complete, we’ve got a ton of goodies for you, including a nice wallpaper for your phone and a T-shirt! What is your security professional persona? Watch #AlterEgoRSA on Twitter or RSASecurity on Facebook to see lots of fun content, find out what persona best describes someone you may know, and keep reading to see them all!

Security Personae, the Ninja

After adding unicorns to our list of personae that includes trolls, rockstars, and squirrels, it’s time to discuss one final persona—the Ninja. While the unicorn has a solid foothold in infosec lore, the Ninja is the warrior that relies on stealth, agility, and speed to neutralize targets. Ninjas train relentlessly to make their skills reflexive and rely on diversionary tactics and misdirection to perform their tasks right under our noses. Ninjas exist on both sides of the equation in a yin/yang fashion, but rarely do they stay relentlessly true to their colors. Good ninjas might slip into restricted areas for learning purposes, and bad ninjas may occasionally help out an innocent. Regardless of their philosophy, they remain the ...

Security Personae, the Unicorn

So far, you have learned about trolls, rockstars, and squirrels. But what about the biblical version of the grasshopper? The Unicorns didn’t miss the Ark because they were playing, they were busy hunting unseen and unknown threats in the system. In fact, the stories of missing the Ark furthered their cause by allowing them to “erase” themselves from known existence. This might be their greatest asset as not only are they rare, but for the most part, the people don’t think they exist at all. A unicorn’s skills and legends are infosec folklore. Many imitate, but few embody the true spirit of the unicorn. What is your security professional persona? Watch #AlterEgoRSA on Twitter or RSASecurity on Facebook to see ...

Security Personae, the Squirrel

We’ve read about rockstars and trolls, but what about the folks that live in the nuts and bolts of information security? It’s the Chris Hoffs of the world: the Squirrel. Squirrels are curious and mischievous at times, just like their real-life animal manifestations. They like to understand how things work and are among the few that can completely disassemble and reassemble something and have it work as expected—possibly while adding a few modifications to make it better (or worse). Squirrels are just as likely to analyze something for vulnerabilities as they are to exploit one. Chris Palmer of IBM even postulates that “a well-placed squirrel can wreak almost as much havoc as a cyber attack on a power grid.” Squirrels ...

Security Personae, the Troll

Man, there sure are some rockstars in our industry, aren’t there? But what about the near opposite? The troll! Trolls tend to get a bad rap. We think of the little short guy guarding passage to a bridge or the Internet commenter relying on anonymity to protect his vicious stream of vitriol from causing him physical harm. Trolls sometimes might be considered gadflies, but there are two sides to that coin. On the positive side, trolls can adapt to situations under stress and tend to be well connected into many influential communities. They’re not stupid—they tend to be intelligent and use their skills to get people to think about tough issues by presenting a different perspective. Their effectiveness depends on ...

Intelligence-driven Security Gets a Boost

Part of the challenge in building a functional intelligence-led security program is getting good intelligence that is relevant to your company. If you have not gotten your house in order, it’s challenging to even consider moving from a compliance-led program to an intelligence-led program simply because everything you have is tuned for an auditor, not for a security professional. Once your house IS in order, however, you stand to gain tremendously from a focus on intelligence-led security. RSA announced today a new version of NetWitness Live that can assist companies in their quest to identify and validate attacks by using various intelligence sources. We’re even now showing off a cloud-based proof-of-concept at the RSA booth during the show this week. ...

Security Personae, the Rockstar

Information security is full of personality. The people that make it up group themselves into a few personae. Let’s start with the front men of information security. Chances are, you have a few folks that you idolize or look up to in the industry. Rockstars took risks back in the day to get their ideas published, and their perseverance has paid off in the form of stardom. Information security sometimes felt like the geekier offshoot of IT (if that’s even possible), and the luminaries weren’t always revered. Today, rockstars are the voice of the information security world and find numerous ways to engage their fans. Rockstars embrace social media to connect with their fans in ways that average Hollywood ...
