<![CDATA[Speaking of Security, the RSA Blog and Podcast]]>

<![CDATA[Speaking of Security, the RSA Blog and Podcast]]> http://securityratty.com/feed/73a24756d7d098fdcb3f142f0c1f240f Tue, 12 Aug 2008 20:00:00 +0000 iRatty Engine http://blogs.law.harvard.edu/tech/rss <![CDATA[What's Going on Between Asprox and Rock Phish? ]]> http://securityratty.com/article/fc95ce7833adc3cdfb7b5c321e80348a http://securityratty.com/article/fc95ce7833adc3cdfb7b5c321e80348a Fast-Flux botnet. We also believe that this new infrastructure belongs to none other than the infamous Asprox Botnet, which has recently been spreading itself using surges of SQL injection attacks... ]]> Wed, 03 Sep 2008 20:00:00 +0000 rock phish gang gang decides rock phish gang infrastructure botnet infrastructure infrastructure belongs infamous asprox botnet decides What's Going on Between Asprox and Rock Phish? <![CDATA[Southeast Asia: Perspectives on Compliance]]> http://securityratty.com/article/1d2c3bbf31f4585ba5c55859718231a5 http://securityratty.com/article/1d2c3bbf31f4585ba5c55859718231a5 I found the degree to which customers in the region were concerned about compliance to be a bit of a surprise. I say 'surprise' because I often hear that compliance isn't as much of an issue outside of the U.S. From what we're seeing, though, the regulatory environment in non-U.S. geos, including Southeast Asia, is becoming more complicated...]]> Tue, 02 Sep 2008 20:00:00 +0000 compliance southeast asia local sales teams week-long trip week past weekend surprise back-to-back meetings region Southeast Asia: Perspectives on Compliance <![CDATA[Planning for a new year]]> http://securityratty.com/article/53eb51a004ab3e2477c2c3559dd8fb20 http://securityratty.com/article/53eb51a004ab3e2477c2c3559dd8fb20 Organizations are realizing that they need to discover, manage and control their information assets in order to protect them...]]> Tue, 02 Sep 2008 20:00:00 +0000 compliance program based compliance team industry segment compliance programs information assets core pillars security perfect opportunity october Planning for a new year <![CDATA[ISO 27001 Adoption Poll Results are In]]> http://securityratty.com/article/fc09764886f19fc2d529d52d8b214dbe http://securityratty.com/article/fc09764886f19fc2d529d52d8b214dbe a piece discussing the "long road to ISO 27001" adoption. A question posed to readers at the end of the piece: "How far off are we from the point at which ISO 27001 certifications in the U.S. are standard operating procedure for businesses -- the exception, rather than the rule?"

Well, the results are in! Our servers nearly crashed thanks to the influx of responses, but, fortunately, that wasn't the case. Here are the results...]]> Thu, 28 Aug 2008 05:00:00 +0000 iso results piece question posed adoption weeks ago standard rule influx ISO 27001 Adoption Poll Results are In <![CDATA[If there were gold medals for Data Leakage...]]> http://securityratty.com/article/9ec180dabd953b9e40bf780ac4cd7485 http://securityratty.com/article/9ec180dabd953b9e40bf780ac4cd7485 aqualung by now! If it were an Olympic sport, Britain would have beaten China for pole position in the medals table!

It all started with the loss of a memory stick by a UK Government contractor which contained somewhere around 120,000 records, including the details of 10,000 of our nation's most serious criminals. We then heard about a compromise at global hotel chain Best Western...]]> Wed, 27 Aug 2008 20:00:00 +0000 global hotel chain olympic sport summer vacation pole position data government contractor medals table memory stick nation If there were gold medals for Data Leakage... <![CDATA[Speaking of Security Podcast #119]]> http://securityratty.com/article/9889880c87bd6f2858883a0c1c40e50b http://securityratty.com/article/9889880c87bd6f2858883a0c1c40e50b Click to Download/Listen (06:46)

Paul Davilman from RSA’s Compliance and Solutions team sits down with Amanda Van Veen to talk about the North American Electric Reliability Corporation (NERC) Cyber Security Standards and how these standards will impact IT security in the utility industries. Please note that due to the U.S. Labor Day holiday, we'll be back in two weeks (on September 8) with a new show.

]]> Sun, 24 Aug 2008 20:00:00 +0000 security cyber security standards standards labor day holiday solutions team sits utility industries amanda van rsas compliance paul davilman Speaking of Security Podcast #119 <![CDATA[PCI Compliance: Reaction to the Summary of Changes]]> http://securityratty.com/article/ddeefb896f6d234b28dddac20a55a9c5 http://securityratty.com/article/ddeefb896f6d234b28dddac20a55a9c5 http://www.pcisecuritystandards.org/pdfs/08-18-08_2.pdf) forthcoming changes to the Payment Card Industry's Data Security Standard (PCI DSS) as it moves from version 1.1 to version 1.2 in October 2008. The release represents the first major update since September 2006.

What's my take on the summary of changes? Most merchants will be pleased to see that these are relatively minor changes...]]> Mon, 18 Aug 2008 20:00:00 +0000 payment card industry data security standard release represents version pci dss summary october pdf minor PCI Compliance: Reaction to the Summary of Changes <![CDATA[Information risk management, and lessons-learned in the financial industry]]> http://securityratty.com/article/b9c42d81e576cf16cdd8e7f1696edbc9 http://securityratty.com/article/b9c42d81e576cf16cdd8e7f1696edbc9 Economist had a good article entitled "Confessions of a Risk Manager", in which a risk manager from a global bank uses 20-20 hindsight to look at "what went wrong" in the lead-up to the credit crunch and the ensuing fallout. I won't pretend to understand all the ins and outs of financial derivatives, but there were some points raised that anyone in the IT security space can identify with...]]> Mon, 18 Aug 2008 20:00:00 +0000 information risk management financial industry risk manager financial derivatives credit crunch security space global bank pretend lead-up Information risk management, and lessons-learned in the financial industry <![CDATA[Speaking of Security Podcast #118]]> http://securityratty.com/article/fb67ff3ce1f2b335b3f648a50bd31bd9 http://securityratty.com/article/fb67ff3ce1f2b335b3f648a50bd31bd9 Click to Download/Listen (11:27)

This week, Amanda Van Veen speaks with analyst Rod Nelsestuen from the TowerGroup. Rod covers key issues affecting several financial industry segments including emerging markets and trend, security, and risk management matters and in this segment, talks with Amanda about the evolution of business continuity planning and security’s increasing role.

]]> Sun, 17 Aug 2008 20:00:00 +0000 risk management matters financial industry segments amanda van amanda analyst rod business continuity security markets talks Speaking of Security Podcast #118 <![CDATA[Addressing NERC Cyber Security Standards Using a Frameworks-Based Approach]]> http://securityratty.com/article/adf577a5e402094355f94e59576db638 http://securityratty.com/article/adf577a5e402094355f94e59576db638 http://www.nerc.com/files/CIP-002-1.pdf) are applicable only in the US, I think there's no doubt that cyber security is fast becoming a major concern of electric utility companies worldwide. In addition, other US critical infrastructure industry segments, such as water and chemical companies are also coming under increasing federal pressure to improve their own cyber-security efforts. Still, the NERC Cyber-Security standards have been criticized for being too ambiguous, providing little in the way of guidance, as well as for leaving loopholes for utility companies to beat the rules... ]]> Tue, 12 Aug 2008 20:00:00 +0000 nerc nerc cyber-security standards cyber security utility companies federal pressure chemical companies major concern cyber-security efforts guidance Addressing NERC Cyber Security Standards Using a Frameworks-Based Approach