Speaking of Security, the RSA Blog and Podcast

Follow-up on RSA Conference

blog@rsa.com (Sean Kline) — Tue, 13 May 2008 00:00:00 GMT

It was another great RSA Conference this year, with interesting workshops, great exhibitor activity, informative sessions and lots of time to network with customers, partners and fellow employees. My flight was cancelled on Sunday, so I missed the Concordia Workshop on Monday, but the Liberty Alliance Workshop was very interesting. Geisinger Health System had a very nice presentation on how they are using federation to provide improved information to health care providers to improve patient care, particularly in emergency room visits. RSA also made a number of exciting announcements...

Speaking of Security Podcast #104

blog@rsa.com (Podcast Producers) — Mon, 12 May 2008 00:00:00 GMT

Click to Listen/Download (10:14)

Paul Joyal interview's the President of Corporate Integrity, Michael Rasmussen, about "Developing a Sustainable and Cost Effective IT Compliance Program." For the companion white paper, click here. Other RSA resources on this approach can be found at www.rsa.com/compliance.

Speaking of Security Podcast #103

blog@rsa.com (Podcast Producers) — Mon, 05 May 2008 00:00:00 GMT

EMC PowerPath Encryption with RSA

Happy Cinco de Mayo and welcome to the latest Speaking of Security video podcast. Today Host Paul Joyal speaks with Colin Bailey of EMC and Katie Curtin-Mestre of RSA, The Security Division of EMC, about this new scalable solution that leverages RSA Key Manager for the Datacenter.

Is it safer to fly or drive? (and why you can't do one without the other)

blog@rsa.com (Kevin Bowers) — Thu, 01 May 2008 00:00:00 GMT

Kevin Bowers is a Research Scientist at RSA Laboratories. Here are his views on the controversy surrounding REAL ID. What do you think?

I'm getting married this summer and my family will be traveling to the wedding. In order to make the trip, my parents recently renewed their passports. Not because I'm getting married at an exotic destination, but because they live in Montana and have to fly to the wedding. Like several other states, Montana has refused to comply with the requirements of the REAL ID Act of 2005. The Department of Homeland Security (DHS) had threatened to prevent residents from those states from using their state-issued driver's licenses as identification at airport security, effective May 11th. As it happens, the DHS recently granted all states an extension to the May 11th deadline, allowing them additional time to become REAL ID compliant.

Speaking of Security Podcast #102

blog@rsa.com (Podcast Producers) — Mon, 28 Apr 2008 00:00:00 GMT

Click to listen or download (6:39)

Paul Joyal interview's RSA's Paul Davilman on What is Sarbanes-Oxley & How is it Applicable to IT Security? For additional information on SOX and IT Security, read more here.

U.S. Congress should pass cyber-crime legislation this year -- when will the House of Representatives finally act?

blog@rsa.com (Shannon Kellogg) — Wed, 23 Apr 2008 00:00:00 GMT

As I mentioned in a blog post in late October 2007, the IT industry and other stakeholders have been calling for the U.S. Congress to pass legislation that would help empower law enforcement to more effectively investigate and prosecute cyber criminals -- while updating penalties in U.S. criminal code so that the punishment fits the crime. It's stunning to me that the Congress has not yet sent legislation to the President for his signature to address this important issue...

Speaking of Security Podcast #101

blog@rsa.com (Podcast Producers) — Tue, 22 Apr 2008 00:00:00 GMT

Click here to download/listen (11:23).

In a recent RSA Web Seminar, Juniper Networks' Smitha Murthy and RSA's John Masotta discussed the benefits of an SSL VPN and how best to secure its access with strong authentication. Hear a snippet in this week's podcast or check out the entire replay of the event.

Older and wiser

blog@rsa.com (Uriel Maimon) — Mon, 21 Apr 2008 00:00:00 GMT

Today (the date I'm writing this entry) is my birthday. Birthdays are a time of quiet contemplation for me (and quiet desperation for my mother). As I think about the past year and the progress I've made (things are looking good for my long-term goal of spending my old age miserable and alone), I keep thinking of change and how people and things advance. The past year has shown much progress. Women have rejected me, technology products have been launched, iPhones were purchased and even the world of financial crime has not been silent. The Rock Phish group is a phishing gang believed to be based out of Russia -- and, by some accounts, is responsible for roughly 50% of phishing attacks by volume...

RSA Conference 2008 - A Week to Remember

blog@rsa.com (Shannon Kellogg) — Thu, 17 Apr 2008 00:00:00 GMT

I have been attending RSA Conferences since early this decade. The U.S. version of the Conference has been around since 1991 and it's grown from 50 attendees (all cryptologists) to around 17,000 participants annually from the private and public sectors including security professionals, business executives, lawyers, academics, privacy advocates, regulators, and journalists. For the first-time attendee it can be absolutely overwhelming because there are so many speakers, so many issues, so many events during the week, and if you go to the show floor, literally hundreds of organizations showing their wares.

Well, being a veteran RSA Conference attendee, I thought I was ready for another busy but ultimately manageable week despite the multiple commitments and responsibilities that I had to balance. Well, that theory was turned on its head, starting on Sunday...

Speaking of Security Podcast #100!

blog@rsa.com (Podcast Producers) — Wed, 16 Apr 2008 00:00:00 GMT

The Challenges of Identity Assurance with Marc Gaffan

In Speaking of Security's blockbuster 100th security podcast we talk to Marc Gaffan, Director Product Marketing, about Identity Assurance and its importance to enterprise-level security and compliance.

Your Suggestions to Transform Security from a Roadblock to a Catalyst for Business Innovation

blog@rsa.com (Blog Editor) — Wed, 09 Apr 2008 00:00:00 GMT

Yesterday at the RSA Conference Art Coviello addressed how security fears have stifled innovation at organizations large and small around the world. IDG Research reports that 80 percent of IT, security, and business executives surveyed admit that their organizations have shied away from business innovation opportunities because of information security concerns.

RSA is committed to countering this trend by starting an industry-wide conversation about smart ways to manage information risk. As we mentioned in yesterday's blog posting, we were able to pick the brains of 10 top security executives from global enterprises in a variety of industries and get THEIR suggestions. But we'd like to hear from you...

Secretary Michael Chertoff, Department of Homeland Security to Speak at RSA Conference Today

blog@rsa.com (Blog Editors) — Tue, 08 Apr 2008 08:00:00 GMT

His keynote will begin at 11:30 AM. Let us know if you're going to be there and leave us your impressions.

Art Coviello on "Thinking Security"

blog@rsa.com (Blog Editor) — Tue, 08 Apr 2008 00:00:00 GMT

This morning at Art Coviello, Executive Vice President, EMC Corporation and President, RSA, The Security Division of EMC, gave his yearly keynote at the RSA Conference in San Francisco. Art uses this venue each year to present a "state of the industry"--reviewing major security developments--and to share his ideas on where security is going in the coming year.

Here is a transcript of the talk: http://www.rsa.com/innovation/docs/coviellokeynote2008.pdf

It's a good read, with a lot of interesting insights...

Speaking of Security Podcast #99

blog@rsa.com (Podcast Producers) — Mon, 31 Mar 2008 00:00:00 GMT

Click here to download/listen (11:15).

Part 2: Paul Joyal speaks with award-winning USA Today journalists, Byron Acohido and Jon Swartz. They are the co-authors of Zero Day Threat: The Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity, which is scheduled for an April 2008 release. Byron and Jon talk about the inspiration for their book and more in part two of this two-part interview. See Byron, Jon and Paul next week at the RSA® Conference 2008, registrations are still being accepted!

The New Wave In Virtual Private Network Authentication

blog@rsa.com (Sean Kline) — Fri, 28 Mar 2008 00:00:00 GMT

While RSA, The Security Division of EMC has evolved into a broad organization focusing on Information-Centric Security through Information Risk Management, securing Virtual Private Networks (VPNs) is still a significant portion of our business. The main use case for RSA SecurID, in its various forms, continues to be supporting the needs of the mobile workforce. As organizations mature, they are now extending beyond the VPN power user to additional (and often very large) populations ...

Speaking of Security Podcast #98

blog@rsa.com (Podcast Producers) — Mon, 24 Mar 2008 00:00:00 GMT

Click here to download/listen (10:35).

Part 1: Paul Joyal speaks with award-winning USA Today journalists, Byron Acohido and Jon Swartz. They are the co-authors of Zero Day Threat: The Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity, which is scheduled for an April 2008 release. Byron and Jon talk about the inspiration for their book, the state of cybercrime, and more in part one of this two-part interview. Tune in next week for part two!

Bush Administration to set up national cyber security center; taps Silicon Valley entrepreneur to lead the group

blog@rsa.com (Shannon Kellogg) — Thu, 20 Mar 2008 00:00:00 GMT

Another announcement related to the Bush Administration's Cyber Security Initiative is expected in the next day or so and it is likely that an entrepreneur from Silicon Valley will head a new interagency group that will coordinate cyber defenses across the federal government. As reported today by Brian Krebs of the Washington Post, "...Sources in the government contracting community said that the White House is expected to announce as early as today the selection of Rod A. Beckstrom as a top level adviser to be based in the Department of Homeland Security."

View Krebs' entire article.

The Bush Administration has been ratcheting up its focus on information security over the past year, but is starting to roll out its cyber security initiative...

Speaking of Security Podcast #97

blog@rsa.com (Podcast Producers) — Mon, 17 Mar 2008 00:00:00 GMT

Click here to download/listen (04:13).

Tim Mather, Chief Security Strategist for RSA Conferences, talks about the role of the Chief Security Officer and how that role might evolve in the years to come. RSA® Conference 2008 is where you can hear more from leading information security professionals at the world's largest industry conference and expo when it comes to San Francisco, CA, April 7-11. For a free RSA Conference 2008 Expo Pass, courtesy of RSA, The Security Division of EMC, email podcast@rsa.com with your request before April 4 and we'll send you a special registration code.

Speaking of Security Podcast #96

blog@rsa.com (Podcast Producers) — Mon, 10 Mar 2008 00:00:00 GMT

Click here to download/listen (06:01).

What's the Buzz? RSA® Conference 2008 is the world's largest information security industry conference and expo and it comes to San Francisco, CA, April 7-11. Paul Joyal talks to Sandra Toms LaPedis, Area Vice President and General Manager of RSA Conferences, about what makes this event so special and what's new for this year's attendees. AND for a free RSA Conference 2008 Expo Pass, courtesy of RSA, The Security Division of EMC, email podcast@rsa.com with your request before April 4 and we'll send you a special registration code.

Speaking of Security Podcast #95

blog@rsa.com (Podcast Producers) — Wed, 05 Mar 2008 00:00:00 GMT

New Developments in Online Fraud with Joram Borenstein

In Speaking of Security's newest video podcast we talk to Joram Borenstein, Senior Product Manager, about the latest strategies of online fraudsters.

Speaking of Security Podcast #94

blog@rsa.com (Podcast Producers) — Mon, 25 Feb 2008 00:00:00 GMT

Click here to download/listen (07:52).

RSA, The Security Division of EMC, RSA is pleased to invite you to our first global technical user conference hosted at EMC World 2008 in Las Vegas, May 19-22, 2008. RSA Xchange brings together a rich community of like-minded security professionals with an interest in learning from each other, partners and RSA product and engineering experts. Cathy Long joins Paul Joyal to talk about this new and unique opportunity.

Speaking of Security Podcast #93

blog@rsa.com (Podcast Producers) — Mon, 11 Feb 2008 00:00:00 GMT

Click here to download/listen (07:54).

UPEK® Inc., a leading brand of secure biometric fingerprint solutions, recently announced a joint technology solution combining the convenience and security of biometrics in millions of existing notebook computers with the market-leading strong authentication solution from RSA. Matt Buckley talks with Brian DeGonia from UPEK about this solution.

Please note, we'll be taking a short winter break next week in honor of President's Day - but watch for our next episode on February 25.

Speaking of Security Podcast #92

blog@rsa.com (Video Podcast Producers) — Tue, 05 Feb 2008 00:00:00 GMT

RSA Channel Strategy with Joe Gabriel

In Speaking of Security's second video podcast we talk to Joe Gabriel, Manager, Channel Marketing, about RSA's strategy for channel enablement.

Borderline Security

blog@rsa.com (Dr. Ari Juels) — Tue, 29 Jan 2008 00:00:00 GMT

The U.S. Passport card or PASS (People Access Security Service) card, a new travel document, is slated for issue by the federal government in the spring of this year. A poor cousin to the standard passport, it's more compact and less expensive, but valid only at land and sea points of border entry into the United States, not for air travel. The PASS card emerged as part of the Western Hemisphere Travel Initiative (WHTI), which phases out drivers' licenses as border-crossing documents for the U.S.

I've heard two starkly contrasting opinions on the security of the PASS card...

Speaking of Security Podcast #91

blog@rsa.com (Podcast Producers) — Mon, 28 Jan 2008 00:00:00 GMT

Click here to download/listen (07:55).

Speaking of Security Blogger Sean Kline talks with Paul Joyal about his top 5 intriguing ideas for authentication for 2008.

How to fraudulently elect a president

blog@rsa.com (Sean Kline) — Wed, 23 Jan 2008 00:00:00 GMT

As most know, the United States is in the midst of primary elections for presidential candidates. I live in New Hampshire, so woke at around 5:00am a couple of Tuesdays ago eager to participate in the democratic process (I went early because I had a flight the same day to Germany...more on that later). After getting to the front of the line, the pleasant elderly volunteer proceeded to authenticate me so that I could vote. The authentication method she used was name and address. She had a three ring binder with everyone's name printed in an easily readable large font size. The only problem was that she exposed the credential type, the name and the address for me to misuse as I pleased! Now I know that I am not the first to bring this up or write about it. Even so, it boggles my mind that after having to go to the Supreme Court the last time we went through this exercise to select our president, we would not take more care with the voting process...

Speaking of Security Podcast #90

blog@rsa.com (Podcast Producers) — Mon, 21 Jan 2008 00:00:00 GMT

Click here to download/listen (08:52).

Matt Buckley interviews Jon Oltsik, Senior Analyst, Enterprise Strategy Group, about his paper and thoughts on an information-centric security architecture.

Speaking of Security Podcast #89

blog@rsa.com (Podcast Producers) — Mon, 14 Jan 2008 00:00:00 GMT

Click here to listen/download (09:40).

Speaking of Security Blogger Shannon Kellogg talks with Matt Buckley about the state of information security from a Washington, D.C. point of view.

Speaking of Security Podcast #88

blog@rsa.com (Video Podcast Producers) — Mon, 07 Jan 2008 00:00:00 GMT

Welcome to a new year of RSA's Speaking of Security Podcast. Today we introduce our first Video Podcast!

This week RSA Compliance Specialist, Dave Howell, offers his view on the future of the Payment Card Industry Data Security Standard and the evolution of online fraud.

Speaking of Security Podcast #87

blog@rsa.com (Podcast Producers) — Wed, 19 Dec 2007 00:00:00 GMT

Click here to listen/download (11:15).

This is our final broadcast for 2007. This week's topic is Information Risk Management, an information-centric strategy that provides the most effective means of recognizing, assessing and mitigating the risk that information is exposed to throughout its lifecycle. Hear from a recent RSA Web Seminar conducted in collaboration with TowerGroup, on how financial institutions can leverage a sound IRM strategy. A companion white paper on the subject is also available.

Federal Information Security and Management Act -- Five Years On

blog@rsa.com (Shannon Kellogg) — Tue, 18 Dec 2007 02:00:00 GMT

An anniversary recently passed amid a heightened focus in Washington, D.C. on the status of federal information security: the Federal Information Security and Management Act (FISMA) just completed its fifth year on the books as a federal law.

As the follow up to the Government Information Security Act of 2000, FISMA established an updated legal framework for federal information security, including baseline security standards for federal agencies. I remember that the information security community was excited about FISMA and its promise.

So, what's the verdict five years later? In my opinion it's a mixed bag. On one hand, FISMA has arguably increased awareness of, and focus on, federal information security...

She could totally be mine...

blog@rsa.com (Uriel Maimon) — Tue, 18 Dec 2007 00:00:00 GMT

I was sitting with my friend R. in a bar. My friend was completely ignoring me (a rather stimulating treatise on how my failure with women is caused by millions of years of human evolution. I've entitled this thesis "Nature or nurture, culture or genes: Pick any one -- or all of the above"), and was focusing on a girl on the other side of the bar.

"She could be your daughter," I told R. He continued ignoring me, and said, "She could totally be mine..."

"Perhaps, but she won't," I said. "You're 38, you have a girlfriend and you were telling me the other day you were thinking of proposing to her."...

In response to "Soft tokens aren't tokens at all"

blog@rsa.com (Sean Kline) — Tue, 11 Dec 2007 00:00:00 GMT

This blog entry is in response to this post in the Securology blog.

You raise some interesting points on which I would like to comment. First, RSA believes that there are always tradeoffs between strength of security, cost and ease of use. The key (no pun intended) is matching the right means of authentication to the right level of risk. This is why we have such a broad range of authentication types and form factors.

To some of your specific points, RSA SecurID hardware and software authenticators are both forms of multi-factor authentication. In the case of hardware authenticators, they are based on something you have (the physical authenticator) and something you know (your password or Personal Identification Number). Software authenticators work the same way depending on the form factor and can include other factors....

Speaking of Security Podcast #86

blog@rsa.com (Podcast Producers) — Mon, 10 Dec 2007 17:00:00 GMT

Click here to listen/download (08:39).

This week Paul Joyal speaks with Tom Corn, Vice President of Data Security Products for RSA, about Data Loss/Leakage Prevention (DLP) and RSA's approach to the issue along with how it differs from other players.

Top Five Intriguing Ideas for Authentication in 2008

blog@rsa.com (Sean Kline) — Mon, 10 Dec 2007 00:00:00 GMT

Controls as part of a broader strategy
Organizations still make decisions on how to authenticate requests (often users) based on individual applications, infrastructure deployments or regulatory requirements. This is one of the contributors to a "quilt of security doilies", to paraphrase the CTO of a top bank who I met recently. Point security solutions have proliferated throughout organizations making it very difficult and costly to manage. In 2008, organizations will increasingly adopt frameworks like Information Risk Management to assess which threats to mitigate, inventory the types of controls (including authentication) that they need and take a more holistic approach to implementing their strategy...

Speaking of Security Podcast #85

blog@rsa.com (Podcast Producers) — Mon, 03 Dec 2007 00:00:00 GMT

Click here to listen/download (07:15).

This week, hear from Ari Juels, Speaking of Security blogger and Chief Scientist for RSA Laboratories. Ari tells us about some projects that his team is working on including "Proofs of Retrievability" and the WARP token for wireless authentication.

Massive data loss by key U.K. government agency could affect millions of British citizens

blog@rsa.com (Shannon Kellogg) — Mon, 26 Nov 2007 00:00:00 GMT

Not since the infamous U.S. Veterans Administration breach, when a laptop containing information on 26.5 million veterans was stolen in 2006, have we seen a breach of sensitive data like the one that occurred in the United Kingdom last week. According to news reports, two disks containing the records of 7.25 million families and around 25 million people were lost by Her Majesty's Revenue and Customs agency as they were being transferred to the UK's National Audit Office.

Is the Bush Administration Getting Serious About Information Security?

blog@rsa.com (Shannon Kellogg) — Fri, 16 Nov 2007 00:00:00 GMT

Earlier this month, President Bush requested $154 million in FY2008 funding for expanding cyber security initiatives at the Department of Homeland Security (DHS) and other federal agencies. The majority of the initial budget request (which would shift current government fiscal year money from other projects) will reportedly be focused on expanding DHS's "Einstein" program, which is run by the U.S. Computer Emergency Readiness Team. See this Federal Computer Week story by Jason Miller titled White House officials ask for $154 million in new cybersecurity spending for more background.

Focus on software assurance increases in U.S., U.K. and other markets

blog@rsa.com (Shannon Kellogg) — Thu, 15 Nov 2007 00:00:00 GMT

I traveled quite a bit during the month of October - which was National Cyber Security Awareness month here in the U.S. - and there was one issue that came up frequently during my various business trips to locations around the U.S. and one to London: software assurance. It's really a continuation of a theme that I have come across during the course of the last couple of years: as breaches of information security have become more and more frequent - whether perpetrated by cyber-criminals looking to make a fast buck; or by nefarious actors breaking into systems to commit espionage; or in the case of entire countries (e.g. Estonia) that have seen their critical infrastructure attacked via cyberspace - governments have become increasingly focused on product security. The issue of security within products that are integral parts of systems or networks is clearly gaining the attention of government decision makers around the world...

Speaking of Security Podcast #84

blog@rsa.com (Podcast Producers) — Mon, 12 Nov 2007 00:00:00 GMT

Click here to listen/download (07:27).

Paul Joyal speaks with Dan Wilson, Vice President and Co-Founder of Accuvant, one of RSA's key channel partners about their business, their information-centric strategy for security, and a recent award that they received. Please note that we will be taking a short break for the U.S. Thanksgiving holiday, but will be back with another podcast for the week of December 3, 2007.

Speaking of Security Podcast #83

blog@rsa.com (Podcast Producers) — Mon, 05 Nov 2007 00:00:00 GMT

Click here to listen/download (09:56).

Matt Buckley speaks with EMC Vice President of Technology Alliances, Chuck Hollis, about Security and Virtualization. Read more from Chuck at chucksblog.emc.com.

Fish, Subprime Mortgages, and Data Storage

blog@rsa.com (Ari Juels) — Fri, 02 Nov 2007 00:00:00 GMT

In his Histories, Herodotus tells the story of Polykrates, overlord of the island of Samos. The king of Egypt counseled Polykrates to throw away some possession of great value, lest a surplus of good fortune bring him tragedy. Heeding this advice, Polykrates pitched his most prized possession, an emerald ring, into the sea. Several days later, a fisherman brought Polykrates a fish as tribute. When the fish was cut open, it was discovered to contain the fatal ring. (Polykrates was, of course, brutally murdered soon afterward.) Herodotus's story (and book) was crafted as a parable about hubris. It is also a good parable about banking--and more generally about risk...

Smart Cards and Risk

blog@rsa.com (Sean Kline) — Mon, 29 Oct 2007 00:00:00 GMT

One of the concepts that RSA and EMC are starting to focus on more is risk. For some, risk has a negative connotation, such as the chance of suffering some type of loss or damage. From a finance perspective, risk is perhaps a more neutral term in that with increased risks (there is a relationship to volatility), one expects a greater return. This has relevance in information-centric security as well...

Speaking of Security Podcast #82

blog@rsa.com (Podcast Producers) — Mon, 29 Oct 2007 00:00:00 GMT

Click here to listen/download (08:07).

Last week's RSA Conference Europe is over but you can hear from some of last week's expert speakers, like Marika Konings, Director of European Affairs for the Cyber Security Industry Alliance, in the Conference Podcasts section of www.rsaconference.com/2007/europe. Paul gets an event recap from the Conference Manager, Linda Lynch, and we share part of an interview with Marika from the show floor in this week's podcast.

Speaking of Security Podcast #81

blog@rsa.com (Podcast Producers) — Mon, 22 Oct 2007 00:00:00 GMT

Click here to listen/download (07:07).

This week we revisit a recent RSA web seminar held in late September. Nick Selby, Security Research Director from the analyst firm, The 451 Group, shares some key tips for securing web portals, by providing the right protection and level of access to information for trusted identities. To review the entire 9/25 webcast replay, visit www.rsa.com/webseminars.

Hey, do I know you?

blog@rsa.com (Uriel Maimon) — Mon, 22 Oct 2007 00:00:00 GMT

My friends have gotten tired of hearing me talk about how dreadful it is to be single. One of my friends S. (who has four children and a mortgage) suggested that I take over looking after his kids while *he* wakes up with a hangover next to a half-empty bottle of Jack Daniels and photos of a wild party and the younger sister of one of my work colleagues (Hi M!). Another friend, R, asked me why I don't frequent the singles bar scene. I replied that I'm looking for a sun-drenched wind-swept Ingrid Bergman kiss, a heart touching romance and a soul companion -- not some sordid meaningless fling. He sagely nodded his head and voiced his hopes that I enjoy the rest of my long life looking forward to dying alone...

U.S. House Passes Resolution on Cyber Security

blog@rsa.com (Shannon Kellogg) — Fri, 19 Oct 2007 00:00:00 GMT

As issues around cyber security continue to heat up in the wake of several high profile data security breaches in the public sector -- and with increasing concern about cyber vulnerabilities in our nation's critical infrastructures, the U.S. House of Representatives passed a resolution this week recognizing the importance of the issue. The resolution, H. RES. 716, was introduced by Congressman Jim Langevin (D-RI) with strong bi-partisan support. The purpose of the Resolution was for: "Expressing the sense of Congress with respect to raising awareness and enhancing the state of computer security in the United States, and supporting the goals and ideals of National Cyber Security Month."...

IT Industry to Congress: Help Needed to Fight Cyber-crime

blog@rsa.com (Shannon Kellogg) — Tue, 16 Oct 2007 00:00:00 GMT

On October 16th, in the bowels of the U.S. Capitol Building, the Business Software Alliance organized a briefing on cyber-crime issues that was attended by congressional staff members, industry experts and media representatives. Art Coviello, President of RSA, The Security Division of EMC, delivered the industry keynote; U.S. Representative Steve Chabot (R-OH) provided remarks from a congressional perspective. Congressman Chabot is a co-sponsor of H.R. 2290, the Cyber Security and Enhancement Act of 2007, along with U.S. Representative Adam Schiff (D-CA). H.R. 2290, if passed, would include changes to law that would: criminalize malicious botnet attacks...

Speaking of Security Podcast #80

blog@rsa.com (Podcast Producers) — Fri, 12 Oct 2007 00:00:00 GMT

Click here to listen/download (08:07).

October is National Cyber Security Awareness Month. We celebrate by speaking with James A. Lewis, Director and Senior Fellow, Technology and Public Policy Program at the Center for Strategic and International Studies in Washington, D.C., about cyber security in the federal government and around the world.

Speaking of Security Podcast #79

blog@rsa.com (Podcast Producers) — Mon, 08 Oct 2007 00:00:00 GMT

Click here to listen/download (10:39).

Martin McKeay, among others, have recently blogged about the value of the CISSP (Certified Information Systems Security Professional) certification. Paul Joyal speaks with leading IT author, Shon Harris, about the CISSP and other certifications that IT Security Professionals seek to add to their credential lists and knowledge-bases.

National Cyber Security Month Kicks Off at the National Press Club

blog@rsa.com (Shannon Kellogg) — Wed, 03 Oct 2007 00:00:00 GMT

This month, I'll be posting blogs several times a week given that this is National Cyber Security Awareness Month. To kick off this year's campaign, the 2007 National Cyber Security Awareness Summit was held at the National Press Club in Washington, D.C. on October 1st.
Below, you will find a post from the Summit:

I was encouraged by the strong turnout at the inaugural National Cyber Security Awareness Summit, the 4th time that October has been recognized officially as National Cyber Security Awareness Month. You know that you are going to have good event when the room is half full 30 minutes before start time.

I thought that Assistant Secretary Greg Garcia captured the heightened interest in the topic...

Speaking of Security Podcast #78

blog@rsa.com (Podcast Producers) — Mon, 01 Oct 2007 00:00:00 GMT

Click here to listen/download (06:12).

RSA announces its solution for Information Risk Management for financial services organizations worldwide this week at SIBOS in Boston. Listen to Ann King, Senior Manger for Solutions Marketing, talk about this approach to following information within a financial institution throughout its lifecyle -- revealing where the risks lie to present a holistic view of risk related to information across the enterprise.

Another 'shoe' drops -- DHS cyber security breach top of news this week

blog@rsa.com (Shannon Kellogg) — Tue, 25 Sep 2007 00:00:00 GMT

On the cyber security front, the nation's capital is abuzz this week about breaches of information systems at the U.S. Department of Homeland Security (DHS). In a Washington Post article on Monday, September 24, writers Ellen Nakashima and Brian Krebs reported that the "...FBI is investigating a major information technology firm with a $1.7 billion Department of Homeland Security contract after it allegedly failed to detect cyber break-ins traced to a Chinese-language Web site and then tried to cover up its deficiencies, according to congressional investigators."

Speaking of Security Podcast #77

blog@rsa.com (Podcast Producers) — Mon, 24 Sep 2007 00:00:00 GMT

Click here to listen/download (10:27).

This week we welcome back two previous guests, Dave Howell and Peter Beardmore. First, we share information about the PCI DSS (Payment Card Industry Data Security Standard) from a recently commissioned survey by Forrester. And we also talk about unified credential management in the enterprise.

U.S. Ratcheting up Cyber Defenses in Wake of High Profile Cyber Attacks in 2007?

blog@rsa.com (Shannon Kellogg) — Fri, 21 Sep 2007 00:00:00 GMT

Finally, the cyber security issue may just be getting the attention that it deserves at the national leadership level in the United States. In an RSA Speaking of Security blog post in early July, I asked the question: Will the recent cyber attacks on Estonia be a wake up call for European and U.S. leaders? I noted in that post that the answer in Europe was apparently yes and referenced quotes in a June 30th Reuters story from European Information Society Commissioner Vivian Reding: "Estonia was a wake up call...If people do not understand the urgency now, they never will."...

Security is Everybody's Job

blog@rsa.com (Jamie Barnett) — Tue, 18 Sep 2007 00:00:00 GMT

It was blasphemy at the time. At the 2007 RSA Conference in San Francisco, our President, Art Coviello, made the claim that the standalone security market was not long for this world. Some in the audience must have thought he was Looney Tunes, making a claim like that at a longtime venue dedicated to all things security. In my role driving integrated solutions of RSA technology and EMC products, I speak with security, IT, and storage professionals regularly to understand their requirements and preferences for integrating security into information infrastructure products. The single biggest common thread between them is this: security seems to be everybody's job these days. These things tie: security-baked-in and security-as-everybody's-job...

Speaking of Security Podcast #76

blog@rsa.com (Podcast Producers) — Mon, 17 Sep 2007 00:00:00 GMT

Click here to listen/download (07:41).

Online fraud is becoming more like a traditional industry. Researchers at the RSA Anti-Fraud Command Center are hard at work as they learn more and more about how the underground world of online fraud works and how security professionals can get one step ahead. This week, Jens Hinrichsen, Senior Product Marketing Manager in RSA's Identity and Access Assurance Group, takes us deeper into this world. Learn even more on the 9/18 Web Seminar: A VIEW OF THE GROWING CRIMEWARE THREAT IN ACTION.

Increased Interest in Device-Specific Strong Authentication

blog@rsa.com (Sean Kline) — Fri, 14 Sep 2007 00:00:00 GMT

Customers are expressing an increased interest in having strong authentication mechanisms on a variety of client devices. Service providers, also, are interested in ensuring that end users are able to employ their mobile phones for two-factor authentication. Such organizations may also play the role of outsourcer and are concerned with the provisioning of credentials and new support models. Some of the drivers for this are longstanding, such as increased proliferation of mobile devices to remote employees, partners and consumers.

Ericsson¹ predicts that global mobile subscriptions will reach 5.5 billion by 2012. Since people are used to carrying phones, these mobile devices become very convenient containers for strong authentication credentials needed for secure remote access. Others drivers are more visionary...

Speaking of Security Podcast #75

blog@rsa.com (Podcast Producers) — Mon, 10 Sep 2007 00:00:00 GMT

Click here to listen/download (09:58).

Paul Joyal talks with Bret Hartman, RSA's CTO, about the Common Security Platform, the process that integrates EMC and RSA technologies. And Matt Buckley introduces our newest Speaking of Security blogger, Manju Mude, Senior Compliance Analyst at RSA.

Speaking of Security Podcast #74

blog@rsa.com (Podcast Producers) — Mon, 27 Aug 2007 00:00:00 GMT

Click here to listen/download (10:38).

As a follow-up to the Aug. 13 podcast, we present an excerpt from the Aug. 15 RSA web seminar: "Combining Network Access Control (NAC) with Strong Authentication." Denzil Wessels, technical marketing manager, Juniper Networks, takes us through what a NAC solution provides to an IT infrastructure. Click here for the entire replay of the webcast and/or download the accompanying slide deck. The Podcast Team will take Sept. 3 off for the U.S. Labor Day holiday but will return on Sept. 10 with a new edition.

A Data Security Philosophy, According to Sisyphus

blog@rsa.com (Chris Parkerson) — Wed, 22 Aug 2007 00:00:00 GMT

In Greek mythology, Sisyphus was a king who was extremely crafty and dishonest, and the punishment brought down upon him from the gods was to roll a very large boulder up a hill. each time Sisyphus attempted to do this, the boulder would escape him before he was able to reach the top, and so he had to begin the task all over again... This continued throughout eternity. This analogy has been applied to many problems over the course of history, including within the world of IT - where no matter how many resources are employed to solve a particular problem, it can be quite typical for the issue at hand to remain either largely or completely unsolved, and just as daunting as it had been before. While I don't think we have quite reached a "Sisyphean state" in data security, an RSA survey conducted by Forrester Consulting...

Speaking of Security Podcast #73

blog@rsa.com (Podcast Producers) — Mon, 20 Aug 2007 00:00:00 GMT

Click here to listen/download (08:06).

Matt Buckley discusses the state of data security with Paul Stamp, Principal Analyst, Forrester Research. Paul is a leading expert on enterprise security technology, focusing on security architecture, and data security technologies, such as enterprise encryption.

Should Employees Carry So Much of the Heavy Burden of Security?

blog@rsa.com (Chris Parkerson) — Wed, 15 Aug 2007 00:00:00 GMT

Over the past year we have witnessed a significant increase in the number of data breach incidents due to mistakes by internal employees at many respected companies. These incidents run the gamut from missing or stolen laptops, vanishing BlackBerry's and disappearing USB drives. The typical response from companies that have suffered these sorts of breaches is: "Our policy prohibits employees from putting unencrypted sensitive company information on laptops, PDAs, and other devices." While you will get no argument from me that this is a good policy, how much of the responsibility for ensuring this policy is followed as intended should really fall on the employee's shoulders? Is it really possible to expect employees to be educated enough about such policies to always do the right thing?...

Speaking of Security Podcast #72

blog@rsa.com (Podcast Producers) — Mon, 13 Aug 2007 17:00:00 GMT

Click here to listen/download (09:24).

Last week RSA, The Security Division of EMC, announced its intent to acquire Tablus Inc., a leading provider of data loss prevention solutions based in San Mateo, California. This acquisition should significantly expand RSA's Data Security Strategy, adding key technologies to help discover, classify and protect sensitive information. Tom Corn, Vice President of Products for RSA's Data Security Group tell us more. And the RSA Web Seminar Series presents "Combining Network Access Control (NAC) and Strong Authentication" on with technology partner, Juniper Networks. Listen to a preview of what you could learn during this event on August 15 or on the replay.

The Return on Investment for Securing Information

blog@rsa.com (Sean Kline) — Mon, 13 Aug 2007 00:00:00 GMT

There have been quite a few blogs written about the Return on Investment (ROI) of security. Amrit Williams has several links in his recent discussion of the topic. This reminds me of some work that I did with BearingPoint on the ROI of a Services-Oriented Architecture (SOA), a similarly challenging area in which to quantify value. The framework we used for justification involved underlying business initiatives, traditional ROI metrics and overall strategic drivers. The difficulty in quantifying a business initiative, like extending services through new distribution channels via federation, may be relatively low. Quantifying traditional ROI metrics, on the other hand, may range in difficulty. The value of risk reduction may be more amorphous...

Summer School on Trusted Infrastructure

blog@rsa.com (Burt Kaliski) — Tue, 07 Aug 2007 00:00:00 GMT

One of many examples of the broader research opportunity RSA now has as part of EMC (as I described in my podcast on my new role) is this month's 1st Asia-Pacific Summer School on Trusted Infrastructure Technologies, which will be held in Guangdong, China. Dr. Wenbo Mao, who recently joined EMC to lead our new research center in Beijing, and his team have put together an excellent international program. Just as significant is the emphasis they've placed on providing sponsorships so that top students can attend...

Speaking of Security Podcast #71

blog@rsa.com (Podcast Producers) — Mon, 06 Aug 2007 00:00:00 GMT

Click here to listen/download (06:06).

Listen to how Bank of the West, the second largest bank based in California, has met the FFIEC guidance for providing multi-factor authentication to help further protect bank customers, their funds and personal information when banking online. The combination of deploying behind-the-scenes protection as well as visible site-to-user authentication is designed to provide strong security that involves bank customers in a user-friendly way, reassures them and boosts their confidence online, while not hindering their banking experience. Paul Joyal talks to CIO Donald Duggan about this initiative.

Speaking of Security Podcast #70

blog@rsa.com (Podcast Producers) — Mon, 30 Jul 2007 00:00:00 GMT

Click here to listen/download (10:15).

October's RSA Conference Europe promises to be bigger and better than ever! In this podcast we talk with two of the conference's movers and shakers from RSA's U.K. headquarters. And we also welcome our newest Speaking of Security Blogger, Sean Kline, and learn some of his thoughts for the RSA blog and what security topics he plans to tackle.

New Blogs on RSA Conference site

blog@rsa.com (Blog Editor) — Fri, 27 Jul 2007 00:00:00 GMT

Take a moment to review the new blog available over at RSA Conference. Recently hired Tim M. Mather, Chief Security Strategist, RSA Conference, offers his insights into the business of security--including mergers and acquisitions.

TechDirt, a well respected technology blog, is posing an interesting question: "Will Security Software Mergers and Acquisition Continue?" To me, the simple answer is 'yes'.

Speaking of Security Podcast #69

blog@rsa.com (Podcast Producers) — Tue, 24 Jul 2007 00:00:00 GMT

Click here to listen/download (10:55).

Speaking of Security Blogger, Shannon Kellogg, interviews Hord Tipton, former CIO of the U.S. Department of Interior. Hord shares a bit about how he led the reorganization and development the Department's IT infrastructure across eight major bureaus and how his focus moved more and more toward information security initiatives.

Phish and Foul

blog@rsa.com (Ari Juels) — Fri, 20 Jul 2007 00:00:00 GMT

"Phishing," as you probably know, is a form of online con game. Users are lured by e-mail messages to legitimate-seeming but criminal sites--typically falsified versions of their real banking sites--and encouraged to enter password information. Having harvested this information, the operators of the criminal sites use it to break into victims' accounts. (As the term suggests, most "phishing" e-mail goes wide of the mark, arriving as spam unconnected with the recipient's bank. A phishing expedition, though, can be profitable with only a few successes.) The remedies offered by the security community are numerous. Most prevalent are various types of red flags...

Out of the Box

blog@rsa.com (Uriel Maimon) — Thu, 19 Jul 2007 00:00:00 GMT

I went on a date the other night. She was a "set-up" from a new acquaintance at the office who did not know me well enough not to set me up on dates. So here I am sitting across from this blonde beauty, in a tapas bar, and she is gorgeous: her soft golden tresses frame a pale heart-shaped face and her curves are paralleled only by the desperately bored look in her glazed ice-blue eyes, through her drooping eye-lids. Now I'm as socially astute as anyone who has ever written network device drivers...

Speaking of Security Podcast #68

blog@rsa.com (Podcast Producers) — Mon, 16 Jul 2007 09:00:00 GMT

Click here to listen/download (11:01).

The Speaking of Security Podcast is back and offers an in-depth interview with Senior Product Marketing Manager, Jens Hinrichsen, regarding the evolution of phishing attacks. Big upticks of spear phishing and "man-in-the-middle" attacks. Also discusses the difference between Phishing and Crimeware/Malware. For more, check out the monthly RSA Online Fraud Intelligence Report.

Managing Security Event Information

blog@rsa.com (Blog Editors) — Mon, 16 Jul 2007 06:21:00 GMT

Recently EMCer Chuck Hollis addressed the challenges of managing and mining event data from network devices.

"A while ago, I opined that IMSPs (information management service providers) might be hampered by corporate information security mandates. At the time, I had started to meet customers who wouldn't consider using a service provider for backup, archiving, etc. simply because they (or their security officer) couldn't get over the idea of sending their important information to a third party for safekeeping. Since then, the tide seems to have turned. I see more and more customers who are actively pursuing strategies to move more and more of the information management burden to specialized service providers. I guess they're getting more comfortable with the security provisions of these offerings..."

Convergence of Access and Information Policies

blog@rsa.com (Sean Kline) — Tue, 10 Jul 2007 00:00:00 GMT

It has been a year since EMC announced its acquisition of RSA and it is very interesting to observe how our worldview has evolved. While we were not the first to report the deterioration of perimeters as a means to protect information, the industry still appears to operate in a very segmented fashion. I spoke at the Network Applications Consortium Spring Conference and there was great industry participation and discussion around Enterprise Authorization Management. The model that most people described at the conference still segments authentication from authorization and does not tend to talk about policy on the information itself...

Will the recent cyber attacks on Estonia be a wake up call for European and U.S. leaders?

blog@rsa.com (Shannon Kellogg) — Mon, 02 Jul 2007 00:00:00 GMT

Will the recent cyber attacks on Estonia be a wake up call for European and U.S. leaders? According to a Reuters story on Friday, June 30th, the answer is apparently yes – at least on the other side of the Atlantic Ocean. What about the U.S.?

Speaking of Security Podcast #67

blog@rsa.com (Podcast Producers) — Mon, 25 Jun 2007 00:00:00 GMT

Click here to listen/download (08:35).

We end our listener appreciation month with a discussion with Michael Farnum, a Security Engineer with Accuvant and prolific security blogger: An Information Security Place and for Computerworld. He talks about how performing a security assessment is like a trip to the dentist, about how educational organizations deal with security, and what he thinks are the hot issues in security for the second half of 2007. Please note that your Speaking of Security podcast team will be on hiatus for the next two weeks. Tune in on July 16 for our next edition. In the meantime, tell us what you think by taking our short survey.

Speaking of Security Podcast #66

blog@rsa.com (Podcast Producers) — Mon, 18 Jun 2007 00:00:00 GMT

Click here to listen/download (12:19).

RSA's annual Wireless Survey Results are in: "Wireless security highest in London; but one-fifth of business networks remain unsecured in all surveyed cities". Learn more from RSA Product Marketing Manager, John Masotta. And we share an excerpt from one of our popular past podcasts: an interview with "The Security Career Guy," Mike Murray.We also invite listeners to complete a short survey as part of Speaking of Security Podcast Listener Appreciation Month for a chance to win a $100 American Express Gift Card (Official Contest Rules).

REAL ID continues to have 'real' challenges

blog@rsa.com (Shannon Kellogg) — Mon, 18 Jun 2007 00:00:00 GMT

I have been meaning to write something about "REAL ID" for a while now, so will attempt to provide an update on what's happening with this initiative and some additional food for thought. What is REAL ID you say? Well, for those of you who haven't managed to hear about this identity card mandate, it started with the 9/11 Commission's recommendations (Recommendation #14 in fact) and became a matter of law in 2005 as the "REAL ID Act." The authors of the 9/11 recommendation and the subsequent legislation all were ostensibly aiming for the same thing: preventing the use of a fraudulent driver's license by terrorists through the development of safeguards that would help prevent tampering and use of such a document for false identification -- and that would also enable more effective and trustworthy authentication of individuals for purposes such as boarding a plane...

Anti-Phishing Education

blog@rsa.com (Burt Kaliski) — Tue, 12 Jun 2007 00:00:00 GMT

Markus Jakobsson -- a former RSA Labs scientist now leading a research program at Indiana University -- has pointed me to some great new cartoons developed together with Sukamol Srikwan that educate users on how to avoid phishing attacks. See www.SecurityCartoon.com.

Speaking of Security Podcast #65

blog@rsa.com (Podcast Producers) — Mon, 11 Jun 2007 00:00:00 GMT

Click here to listen/download (11:59).

On today's program, we hear from RSA's Chief Technical Officer in an interview recorded on-site at the recent EMC World event in Orlando, Florida. We also get a review of last week's Gartner IT Security Summit held in Washington, DC. And we continue through June with Speaking of Security Podcast Listener Appreciation Month, so listen in for a chance to win special prizes as offered in this week's podcast (Official Contest Rules).

Speaking of Security Podcast #64

blog@rsa.com (Podcast Producers) — Mon, 04 Jun 2007 17:00:00 GMT

Click here to listen/download (10:25).

June is Speaking of Security Podcast Listener Appreciation Month! What does this mean? Listen all month long for the chance to win special prizes and participate in unique listener opportunities. Also this week, Matt Buckley speaks with Marc Gaffan, RSA's Director of Product Marketing, about EMC's acquisition of Verid, Inc. and how Verid's knowledge-based authentication (KBA) solutions will enhance and extend RSA's current suite of consumer authentication solutions.

Factoring News

blog@rsa.com (Burt Kaliski) — Mon, 04 Jun 2007 13:00:00 GMT

The Numbers Guy has provided a clear and informative explanation of the recent factorization of the 1039th Mersenne number. I've add just a few comments on his recent blog entry, which I've said is otherwise "faultless" (continuing an earthquake metaphor introduced at the conclusion of his post):

Mersenne numbers, because of their special form, are especially shaky. They fall much more quickly to factoring methods than the "tested and approved" counterparts of the same length used in cryptography - which is the reason that Mersenne numbers are often targeted in factoring research.

...

White House issues updated guidance to federal agencies for safeguarding sensitive information

blog@rsa.com (Shannon Kellogg) — Wed, 30 May 2007 00:00:00 GMT

On May 22, 2007, the U.S. Office of Management and Budget (OMB) issued new guidance to federal agencies for both safeguarding sensitive data and responding to a data breach if one occurs. The memo, entitled Safeguarding Against and Responding to the Breach of Personally Identifiable Information" was sent by Clay Johnson, Deputy Director of Management at OMB, to the heads of executive departments and federal agencies. The May 2007 guidance follows the release of the President's Identity Theft Task Force Strategic Plan in late April 2007 and several high profile data breaches at federal agencies this year. How will federal agencies respond to the updated guidance? Time will tell...

The Cipher on the Wall

blog@rsa.com (Ari Juels) — Thu, 24 May 2007 00:00:00 GMT

"The writing is on the wall for 1024-bit RSA," one trade publication has declared in response to the recent announcement of the successful factoring of a 307-digit (1017-bit) number. As 1024 bits is the length of many RSA keys used in practice today, a short journalistic leap of fancy raises the specter of imperiled retail transactions on the Web. If there is writing on the wall for 1024-bit RSA, though, what's written is in cipher--and it's wholly unclear how long the cryptanalysis will take.

Speaking of Security Podcast #63

blog@rsa.com (Podcast Producers) — Tue, 22 May 2007 00:00:00 GMT

Click here to listen/download (07:30).

Our feature interview is with Speaking of Security Blogger, Burt Kaliski, now director of the EMC Innovation Network. Burt talks about the creation of the Network and about his transition from Director and Chief Scientist of RSA Laboratories. We also announce that June is Speaking of Security podcast listener appreciation month. Be sure to listen to the podcast during June for opportunities to win special prizes. Next week, we'll take a break for the U.S. Memorial Day holiday, and will return with a new edition on June 4.

Putting all one's eggs in a single basket

blog@rsa.com (Uriel Maimon) — Mon, 21 May 2007 00:00:00 GMT

I was crawling my way through the series of tubes that is the internet, when I ran into this news article. It seems a certain large financial institution's consumers were hit by a banking Trojan. This financial institution had deployed tokens to all its online banking customers, but the Trojan managed to bypass this protection by combining two fraud techniques: Pharming and man-in-the-middle (MITM).

Author Correction

blog@rsa.com (Blog Editors) — Mon, 21 May 2007 00:00:00 GMT

The blog entry from Monday, May 21 by Uriel Maimon was originally published as the work of another RSA blogger. Our apologies for the mistake.

Speaking of Security Podcast #62

blog@rsa.com (Podcast Producers) — Mon, 14 May 2007 00:00:00 GMT

Click here to listen/download (10:21).

Paul Joyal checks in with our man in Washington, blogger Shannon Kellogg, about the doings on the hill as well. EMC encourages all amateur movie-makers to enter You-Tube-like shorts for Inforati Video Awards (IVA) contest. The best entries in three categories will earn prizes (not to mention fame and bragging rights) for their creators, with the winners announced at EMC World in Orlando May 21-24.

Speaking of Security Podcast #61

blog@rsa.com (Podcast Producers) — Mon, 07 May 2007 00:00:00 GMT

Click here to listen/download (07:24).

Security Information and Event Management (SIEM) is an increasingly hot topic across the Enterprise and is something RSA considers as one of the core foundations for its information-centric approach to security. Matt Buckley speaks with Nick Selby, Senior Analyst and Director of the Enterprise Security Practice for The 451 Group about SIEM in this week's podcast. (Neither Nick Selby nor The 451 Group has been directly compensated for Mr. Selby's participation in this recording.)

President's ID Theft Task Force issues strategic plan -- does it go far enough?

blog@rsa.com (Shannon Kellogg) — Wed, 02 May 2007 00:00:00 GMT

The President's Identity Theft Task Force released Combating Identity Theft: A Strategic Plan on April 23rd in Washington, D.C. The Task Force, which is co-chaired by U.S. Attorney General Alberto Gonzales and Federal Trade Commission (FTC) Chairman Deborah Majoras, was established by an executive order from President Bush in May 2006. Attorney General Gonzales and Chairman Majoras released the plan in coordination with a national FTC forum on identity protection and authentication issues: Proof Positive -- New Directions for ID Authentication.

Speaking of Security Podcast #60

blog@rsa.com (Podcast Producers) — Mon, 30 Apr 2007 00:00:00 GMT

Click here to listen/download 11:13).

Jonathan Young, EarthLink's VP of Security Software, Subscription and Services, talks about expanding anti-phishing protection services for its customers. We also hear from Diana Kelley, VP and Service Director, Burton Group, about the PCI Data Security Standard and how businesses are responding to this "cookbook" of guidance. She also takes part in RSA's 5-part PCI Perspectives 2007 Web Seminar Series this week.

Speaking of Security Podcast #59

blog@rsa.com (Podcast Producers) — Mon, 23 Apr 2007 00:00:00 GMT

Click here to listen/download (10:00).

Last week's U.S. Federal Income Tax Returns were due and with that deadline we've seen an increase in phishing attacks by fraudsters on unsuspecting filers. Paul Joyal speaks with Jens Hinrichsen, Product Marketing Manager, RSA, The Security Division of EMC, about this and other prevalent crimeware threats that are proliferating our inboxes, web browsers, and telephones.

Speaking of Security Podcast #58

blog@rsa.com (Podcast Producers) — Mon, 16 Apr 2007 00:00:00 GMT

Click here to listen/download (06:44).

Created by the major payment card brands, the Payment Card Industry Data Security Standard (PCI DSS) is global in scope, and designed to ensure the security of consumer credit card data throughout the information lifecycle. Recently, an RSA survey asked businesses for opinions on issues related to PCI DSS including rates of compliance, perceptions of the standard, and motivations and challenges in meeting the PCI DSS requirements and we discuss the findings with RSA’s Dave Howell, PCI Solutions Marketing Manager, in this week’s podcast.

Speaking of Security Podcast #57

blog@rsa.com (Podcast Producers) — Mon, 09 Apr 2007 00:00:00 GMT

Click here to listen/download (09:18).

The 6th Annual Smart Cards in Government Conference takes place this week in Washington, D.C. We speak with Cathy Medich from the sponsoring organization, Smart Card Alliance, about how FIPS 201 PIV (Personal Identity Verification) Cards are being used for both physical and logical access. Peter Beardmore of RSA also shares some information about how different agencies' HSPD-12 deployments are being handled.

Speaking of Security Podcast #56

blog@rsa.com (Podcast Producers) — Mon, 02 Apr 2007 00:00:00 GMT

Click here to listen/download (09:57). Information security is an ever-changing and evolving industry and those of us who work in it sometimes have trouble feeling "secure" in our career choice. This week, Mike Murray www.episteme.ca, a security blogger, podcaster, and writer www.forgettheparachute.com, speaks with Paul Joyal about this--and other security-related topics.

Can Congress Help Stop Identity Theft?

blog@rsa.com (Shannon Kellogg) — Wed, 28 Mar 2007 00:00:00 GMT

If you read Ira Winkler's March 26, 2007 op-ed at Computerworld.com the resounding answer appears to be a 'yes'. Winkler seems to say that all Congress has to do is pass legislation that includes very specific requirements aimed at current threats in cyberspace (primarily Botnets); that Congress should make ISPs "knock bot PCs off their networks"; and that others should take certain steps. He also argues that Congress should "...Make end users liable if losses are incurred as a result of outdated security software."

Speaking of Security Podcast #55

blog@rsa.com (Podcast Producers) — Mon, 26 Mar 2007 00:00:00 GMT

Click here to listen/download (06:04).

Steve Dolnack is a Security Practice Manager for MTM Technologies, a leading provider of innovative IT solutions and services based in Stamford, CT. Steve speaks with Paul Joyal about using SIEM (Security Information Event Managerment) to aggregate massive amounts of network and security data while improving visibility into networks for compliance reporting, security forensics, and more.

Building the Security "In" is the Way to Go

blog@rsa.com (Chris Parkerson) — Sun, 25 Mar 2007 00:00:00 GMT

Last week, Seagate Technology announced that it had begun shipping disk drives with built-in encryption technology for data stored on its disks. Such an implementation ends up transparent to the end user because it takes advantage of advances in encryption hardware to encrypt and decrypt information "on-the-fly" - which means that it is done while written and read from the disk...

Speaking of Security Podcast #54

blog@rsa.com (Podcast Producers) — Mon, 19 Mar 2007 00:00:00 GMT

Click here to listen/download (08:53).

What are some of the key strategies and solutions available that address corporate concerns and enable organizations to protect confidential data from unintended exposure? Paul Joyal interviews Security Analyst Jon Oltsik of Enterprise Strategy Group to get some answers. You may also catch Jon on an RSA Web Seminar: Real-World Strategies for Protecting Your Data for more helpful information.