

Businesses losing fight against employee apps

From Techworld (Maxwell Cooter)

Enterprises are struggling to control the use of consumer applications within the workplace, despite the panoply of security tools being used within corporates.

According to new research [paloaltonetworks.com], nearly half of all bandwidth within corporate environments is being consumed by personal applications such as YouTube, peer-to-peer filesharing and various other consumer applications. Peer-to-peer is a particularly frequent problem, and according to the research, an average of six P2P applications were found in 92 percent of the organisations surveyed. Read the full story [cio.com]

Major software makers fail security transparency test

From SDTimes (David Worthington)

A majority of the industry’s leading software makers surveyed by SD Times lack transparency about the internal principles that they use for writing secure software. Analysts believe that those companies are either practicing security by obscurity, do not adequately perform security practices during software development, or are simply unwilling to talk about it. Read the full story [sdtimes.com]

10 Dos and Don’ts for security job interviews

From CIO (Joan Goodchild)

The pickings are slim in the job market and the time line of interviewing and then hiring new people is slow. But there are positions available in the security field, according to three veteran security recruiters that we spoke with recently.

If you get a call that you’ve got a shot at a job interview, every move counts. How can you have an edge over other candidates angling for the same position? Our experts weigh in on important steps to excel when you get your chance to wow a possible new employer. Read the full story [cio.com]


From Network World (Kristy Westphal)

Data leakage has become a hot topic in information security. But what if you can’t afford the tools that are specifically designed to keep employees from intentionally or mistakenly leaking private or valuable corporate data to the outside? It turns out there are some creative ways to use what you have (or can easily get) to tackle the problem. Read the full story [cio.com]

From IDG News Service (Jeremy Kirk)
A Dutch university has landed a European Research Council grant to continue work on a Unix-like operating system that aims to be more reliable and secure than Linux or Microsoft Windows. The €2.5 million (US$3.3 million) grant will fund three researchers and two programmers, said Andrew S. Tanenbaum, a computer science professor at Vrije Universiteit in the Netherlands.
Tanenbaum developed Minix [minix3.org], an operating system based loosely on Unix that has a small code base and implements strong security controls. Read the full story [itworld.com]

From PC Advisor (Carrie-Ann Skinner)
More than one third of employees would steal sensitive company information if they thought they could earn a decent price from the theft, says Infosecurity Europe.
Research by the security event organiser revealed that of those willing to steal sensitive data, 63 percent would expect at least £1m for their troubles, while 10 percent want enough to pay off their mortgage. Worryingly, 2 percent admitted all they’d want in return for data theft was a slap up meal. Read the full story [pcworld.com]

From SearchSecurity.com (Robert Westervelt)

The debate around cloud security is quickly beginning to mirror the one that has followed virtualization security for the last few years. What begins as a philosophical discussion usually devolves into arguments about technology or vendor roles. In a panel at the RSA Conference, several experts waded back into the virtualization security waters, with the expected fireworks.

By Rajesh Rajamani, Solidcore Systems
The Payment Card Industry Data Security Standard (PCI DSS) is fast becoming the de facto standard for securing critical infrastructure across many industries. This is because a large number of businesses (much larger than originally envisioned) process credit cards and are, therefore, required to be PCI compliant. The PCI DSS, unlike other regulatory regimes, codifies best practices through precise and specific requirements for implementation and compliance audits. The recent spate of data leaks and security breaches has also sparked a sense of urgency amongst businesses to become PCI compliant in the hope that the implementation will improve their security as well.

By David Mortman
I always find RSA interesting because in addition to the official theme of the conference (what was this year’s anyways?) there is the unofficial theme, that usually comes from either the show floor (Everyone remember how every year from 1999 through 2003 was “The Year of the PKI”?) or from the talks themselves. 

By David Mortman
I spent some time earlier this week at mini-metricon, a workshop that was inspired by the success of Andrew Jaquith’s security metrics mailing list and the larger Metricon which is held each year in conjunction with the USENIX Security Conference. In essence, members of the mailing list gather each year on the Monday before RSA and share what they are doing with regards to security metrics within their organizations.