Blog: RSA Point of View

Uniquely linking business context with security incidents to help organizations manage risk & protect what matters most.

  • 9/19/2017 - Top 5 Authentication Trends in 2017 The increased popularity of enterprise mobile applications only heightens the need for a consumer-simple experience—one that provides access control commensurate with the risk of a given transaction. MFA, SSO, authentication standards, biometrics and smartphones will each continue to play a role as the market moves toward risk-aware authentication.
  • 9/18/2017 - In the Wake of Recent Breach It’s Time to Revisit Your Fraud Strategy In light of the recent mega breach, where over 143 million U.S. citizens were impacted, it is critical for organizations to pause for a moment and reflect on critical steps they must immediately focus on to align information security and fraud strategies to mitigate risk.
  • 9/12/2017 - Yin and Yang: Two Views on IAM - Security vs. Convenience Debate: When looking at the identity risk vector and the constant attack level capabilities advancing every day, it may be time that we strike a balance more towards caution than convenience. Or do we find ways to balance security and convenience by leveraging risk and context to eliminate the friction that added security can create?
  • 9/12/2017 - 7 Steps to a GRC Risk Management Framework-7: Provide Visibility This last step in the process involves providing visibility into and reporting on risk. Remember, in creating the framework, you’re examining business processes and outcomes that can introduce risk to the organization. For business leaders to make informed decisions to manage that risk, they need easily visualized, timely information about it.
  • 9/5/2017 - 7 Steps to a GRC Risk Management Framework – 6: Enterprise Risks & Controls Enterprise-wide documentation is a vital step because if you want to exert control over activities that create risk—such as unauthorized persons accessing information categorized as important and at risk—you have to be able to identify those activities. And documenting information-related business processes is how you do that.
  • 8/31/2017 - TLS Security and Data Center Monitoring: Searching for a Path Forward Protocols are evolving to meet the demands of the future. We must continue to strengthen the security of these protocols to keep pace with the threat landscape. As such, Transport Layer Security (TLS) 1.3 has been designed to be more secure in order to prevent the interception of sessions over the Internet.
  • 8/29/2017 - 7 Steps to a GRC Risk Management Framework-5: Residual Risk Of the many challenges managing information risk, perhaps the greatest is knowing where to focus risk management resources. If you don’t have a clear understanding of the risk associated with the information in your organization, you may end up misdirecting scarce resources.
  • 8/15/2017 - 7 Steps to a GRC Risk Management Framework-3: Assess Risk We’ve talked in this space about the seven steps to building a risk management framework for information, starting with identifying information to protect and determining the characteristics of that information. In step three we assess the inherent risk associated with the information.
  • 8/14/2017 - Demystifying the Black Box of Machine Learning Nowadays, it is common to use machine learning to detect online fraud. In fact, machine learning is everywhere. Due to its independent nature and human-like intelligence qualities, machine learning does, at times, seem like an inexplicable “black box.” But truth be told, machine learning doesn’t have to be like that. Here is what you should know if you decide to give “computers the ability to learn without being explicitly programmed.”
  • 8/9/2017 - Skills Shortage: The Intelligent Application of Force Multipliers Many organizations struggle to staff and maintain security operation teams due to a serious shortage of skilled security analysts. The struggle isn’t just about filling open roles; it is equally hard to drive the needed productivity of the resources already in house to make sure the alert that matters doesn’t go unnoticed.