
June 2009 Alert

The June 2009 Alert, Unified Compliance Framework, is now available: http://gocsi.com/membersonly/showArticle.jhtml?articleID=218102039&catID=14122. If you’re a CSI member, go read it! If you’re not, shoot an e-mail to me at kristen.romonovich@ubm.com or call 212-600-3026. This issue of the Alert considers an area of considerable challenge to many security and compliance professionals—that of achieving, proving and maintaining compliance with many regulations at once. We discuss both how to leverage unified compliance projects and how to develop your own ...

EU Group Says Social Networks and 3rd-Party Developers Must Bow to EU Data Privacy Laws

I just took a close look at the Article 29 Data Protection Working Party's ...

Guides to Securing Social Networks

CSI Members can view our Guides to Securing Social Networks for LinkedIn, Facebook and MySpace through the members-only CSI Security Resource Center. Please visit http://gocsi.com/membersonly/showArticle.jhtml?articleID=218100937&catID=14130 to read the guides, and feel free to pass them along to your end-users. Not a member, but interested in receiving our guides and Alerts for security professionals? E-mail me at Kristen.Romonovich@ubm.com to become a member and receive instant access.

Ruminating on CSI SX

Citizens of the Information Security Nation, to you I say: Classify and inventory your data and assets! Tedium? Odium? Delirium? Yes, probably all three. But worth the trouble. Yesterday we wrapped up CSI SX, and learned about many far more exciting topics like the security challenges of Web 2.0, virtualization, cloud computing and more. Yet, at the root of nearly all the solutions to these thrilling challenges was the humble act of data classification and inventory--knowing what ...

Verizon Business’ Peter Tippett to Discuss Company’s Just-Released 2009 Data Breach Investigation Report at CSI SX May 18

Dr. Peter Tippett, vice president of research and intelligence for Verizon Business Security Solutions, will discuss the results of the company’s “2009 Verizon Business Data Breach Investigations Report” (DBIR) at CSI SX: Security Exchange, taking place May 17-21 in Las Vegas. I initially blogged here about the 2009 report on April 15--Verizon Data Breach Investigations Report Once Again Makes Us Question Everything. Last year, CSI Director Robert Richardson did a two-part video interview with Peter Tippett ...

Case Study: Implementing SIEM in the Israeli e-Government

Want a case study on the slings and arrows of outrageous SIEM implementation? Sure you do. (Really. You do. Trust me on this one.) Assaf Keren, information security manager at the Israeli e-government, recently briefed me on the challenges and lessons he is learning whilst implementing a SIEM center in the Israeli e-government ISP Project (called “Tehila”)--a topic he first told us about during the SIEM Summit at the CSI Annual 2008 conference in November. In ...

Cloud Security Alliance Asks All the Right Questions

RSA: Yesterday, the recently formed Cloud Security Alliance presented a rundown of their plans and priorities. The Alliance released their first security guidance report yesterday. I haven't yet read the full 83-page report, but based on their presentation yesterday, the work is promising. They're asking all the right questions--and generally concluding that public clouds are not ready for personally identifiable information (PII) and other protected data. What remains to be seen is whether or not ...

Hathaway Gives No Spoilers

RSA: This afternoon Melissa Hathaway gave a presentation that we expected to be about the 60-day cybersecurity review that she and her team handed over to the White House on Friday. Since the Obama team hasn't completed their perusal of the document, the document has not yet been publicly released, and thus Hathaway wasn't allowed to tell us anything we didn't already know. The presentation did, however, include a little "Mission Impossible" spoof video, and a reading of ...

BitArmor Protects Data Itself, Not Just Platforms or Devices

RSA: Just had an interesting conversation with Patrick McGregor, CEO of BitArmor. I've not tested the product myself, but if it works how McGregor says it does, it should be a strong data protection tool that's invisible to end users, and even largely invisible to security managers. Plus it's platform- and device-independent. The core of the product is the "smart tag," which is basically a bundle of policies. The product automatically recognizes certain forms of ...

Verizon Breach Report, Once Again, Makes Us Question Everything

Today, Verizon Business released its 2009 Data Breach Investigation Report, and just like last year, Verizon's findings hint that most of us security people may not have our facts straight (nor, perhaps, our priorities) when it comes to data breaches. Example: although many enterprise security teams feel that their greatest threats are privileged insiders, Verizon’s investigations found that 93 percent of the breached records were accessed by organized crime. Similarly, although many companies are worried ...