Dennis Fisher talks with Mike Mimoso, editor of Information Security magazine, about the story lines we’re likely to see at the RSA Conference, including virtualization and cloud security, as well as the effect of the economy on security budgets.
From CNet (Jon Oltsik)
It’s nearly time for that annual spring ritual: the RSA Conference at the Moscone Center in San Francisco. ESG data tells me that, despite the recession, global organizations continue to spend on security products. So I expect another good show, though I do anticipate that the $500 kegs of Heineken at vendor booths will be omitted or replaced with Bud Light.
With the show less than a week away, here is the buzz I am anticipating. For this year, I’m including my hyperbole-to-reality ratio in my assessment. Read the full story [cnet.com]
The Internet as we know it today was designed to be a place where people could go about their business, whatever it happened to be, anonymously and without interference from other users. This model worked reasonably well for a long time, but it’s become painfully clear in recent months that some fundamental changes are needed in the way people use the network and, more importantly, how their PCs are allowed to behave.
Nearly a decade ago Bruce Schneier wrote “Security is a process, not a product.” His statement helped us advance as a profession, but with the benefit of hindsight, we can see he’s only half right. Security isn’t about technology.
Many SMB IT administrators face a serious challenge when it comes to delivering serious security to their users. They may not have the budget or expertise they need and outsourcing can be expensive and troublesome if it’s not approached in the right way. As Mike Chapple writes on SearchMidmarketSecurity.com, asking a few key questions up front can be the difference between success and failure.
Software security expert Neil Daswani of Google discusses the key things that every Web developer, and developers in general, should know about security, including how SQL injection attacks work.
From DarkReading (Tim Wilson)
Despite recent headlines and instances of insider attacks, many companies still are not acting to protect themselves [darkreading.com] from insider threats, according to two new analyst reports.
Although 88 percent of the respondents to a Forrester Research study said they consider data security a “challenging issue,” some 40 percent of respondents said they had no interest in, no plans for, or no knowledge of emerging tools for information leak protection. Read the full story [darkreading.com] See related story from Matt Hines [eweek.com]
Dennis Fisher talks to Adam Shostack of Microsoft about the evolution of thinking around “The New School of Information Security,” his new group blog and what surprised him most when he went to work at Microsoft.
Dino Dai Zovi has gained a reputation as one of the top Apple security researchers in the industry and is the author of a new book on Apple security, “The Mac Hacker’s Handbook.” In this interview, he talks about the state of Apple security, why the company hasn’t implemented better memory protections and his ‘no more free bugs’ meme.
Dennis Fisher talks with Ori Eisen, founder of 41st Parameter, about the roots of online fraud, how the credit card companies and banks could have done better and whether we need to start from scratch with a new Internet.