The State of Security

25 Infosec Gurus Admit to their Mistakes…and What They Learned from Them

David Spark — Wed, 22 Feb 2012 16:34:30 +0000

We spoke with some of the best and brightest in security about some of the dumbest things they've ever done in security.

Risky Business at the RSA Conference

Cindy Valladares — Tue, 21 Feb 2012 16:25:42 +0000

Next week we’ll start our live coverage from the largest security conference in North America, the RSA Conference in San Francisco. Dwayne Melancon, CTO of Tripwire, will be giving a presentation titled “Risky Business”. In his presentation he’ll be talking about why it is important to connect the actions of information security groups to business [...]

Explaining Information Security, Risk and Compliance to Your Mom

Cindy Valladares — Fri, 17 Feb 2012 16:39:57 +0000

I’m sure you’ve been at a social party enjoying a good conversation when someone asks you: “So what do you do?”. It’s frustrating sometimes to explain in layman terms what we do as information security professionals. On top of that, it seems like everyone in the industry has his or her own way of defining [...]

Whether you’re going to RSA and B-Sides SF or not, we’ve got your back.

Maya Kamoshita — Thu, 16 Feb 2012 20:36:20 +0000

Top 5 things to do if you are in the ‘Yeah, I’ll be there’ boat: 1. Follow the Tripwire’s Blog Team Twitter list: RSA/BSides SF 2012. They will be live-tweeting from #RSAC and #BSidesSF sessions and parties! 2. Follow the Twitter list ‘Top 25 in Security’- full of Infosec luminaries – To see who’s on [...]

Considering PII as “Potential” Information on unique Identity

Shawna Turner-Rice — Mon, 13 Feb 2012 16:51:24 +0000

With all the conversations about Google and their privacy policy changes, as well as the ongoing conversation about how much risk the Zappos breach really offers; the concept of PII seems like a topical item for this blog post. I like to proceed like the King tells the White Rabbit: “”Begin at the beginning,” the [...]

It’s Good to be No. 2!

Kate Carson — Fri, 10 Feb 2012 19:19:55 +0000

Last Friday night, I realized a lifelong dream (no, I didn’t meet David Letterman, while I was appearing as a cast member on Saturday Night Live*)…I got to be a MASCOT! Years of stuffing myself into cardboard boxes, Halloweens spent bearing 20 lb. pumpkins atop my head, and weeks of constructing and wearing over-sized paper [...]

Online Attribution With On Demand Anonymity

Adam Montville — Thu, 09 Feb 2012 17:00:52 +0000

I have a lot of online accounts. I have two Twitter accounts (one for myself, which I use professionally – @adammontville – and one for my non-employer online presence- @stoicsecurity). I’m on LinkedIn and I have a Facebook page, which I admitedly don’t use very much any more. I have a Google+ account. I use [...]

What is the risk? (aka “Don’t overcomplicate risk modeling”)

Dwayne Melancon — Wed, 08 Feb 2012 17:26:10 +0000

I’ve been talking with a lot of companies lately about risk. Many of them want to formalize their approach to classifying systems, data, business processes, people, etc. using a more formal risk program, such as FAIR, OCTAVE, and the like. These models often seem fairly complex, and the net effect I’m seeing is that lots [...]

Why Roman Emperors are security relevant (CAESERS FE and InfoSec)

Shawna Turner-Rice — Mon, 06 Feb 2012 17:00:42 +0000

Caesar Augustus was the Roman Emperor whose legacy is what most people remember when they think of a Caesar. In particular, because as children, most of us learned that he ushered in the Pax Romana and expanded the Roman Empire a lot while creating a bunch of standards that improved the quality of life for [...]

Happy New Year! Data Breach Roundup – January 2012

Maya Kamoshita — Wed, 01 Feb 2012 18:46:46 +0000

It’s time for the January 2012 edition of the Data Breach Roundup! I’m trying out a cool new curation tool called Storify. Please let me know what you think of this format. Thanks! [View the story "Happy New Year! Data Breach Roundup - January 2012" on Storify]

Infosec and too much to do

Dwayne Melancon — Tue, 31 Jan 2012 17:59:07 +0000

One of the most common concerns I hear about from the enterprises I speak with all the time is that of having too much to do. There’s never enough [time, money, people] to go around. So, what are they doing that’s working? Today, I’ll share one method that seems to be adding value for some [...]

Safe, Dead or Lucky? (Knowing Good From Bad)

Michael Thelander — Mon, 30 Jan 2012 17:00:07 +0000

There’s a saying among North American wildlife enthusiasts that goes something like, “Red touches yellow kills a fellow. Red touches black, friend of Jack.” It’s a pleasantly singsongy warning about the similarity between King snakes and Coral snakes: Both can live in the same general area, but while one is harmless (the King snake on [...]

Experiment: Knowledge Fuels Ideas, Experience Guides

Adam Montville — Thu, 26 Jan 2012 16:26:52 +0000

When I was but a wee lad, I was given chemistry sets, electrical sets (low voltage, I promise), erector sets, and piles of books about the world and its inhabitants. Knowledge fueled ideas and experience was my guide. While I’m quite certain I didn’t have the scientific method mastered at the age of eight, I [...]

How do you eat an elephant?

Shawna Turner-Rice — Wed, 25 Jan 2012 16:15:26 +0000

If we were hoping for news related to breaches to slow down now that we were out of 2012, it looks like we’re already out of luck, even though we aren’t out of January. Seeing Symantec and Zappos in the news already this year can make those responsible for protecting their organizations feel like there’s [...]

Security-to-Business: Some translation required

Dwayne Melancon — Tue, 24 Jan 2012 16:00:50 +0000

I’ve had a lot of interest around my recent posts on how to communicate the value of information security to the business. With that in mind, I wanted to share a method used by one of the enterprises I’ve been working with. Security & the Business: The “Mars and Venus” problem In this enterprise’s past, [...]

Predictability and Visibility: The Cure for Sleepless Nights

Cindy Valladares — Mon, 23 Jan 2012 16:26:37 +0000

What makes security, risk and compliance officers sleep at night? Key factors include: visibility, predictability, optimization & business alignment.