Government and businesses – and individuals – often have competing priorities when it comes to information security and privacy, and those competing priorities are reflected in the multitude of ever-expanding compliance regulations in the U.S. IT pros are struggling to maintain compliance in light of these competing priorities and, from my vantage point sitting in on GRC sessions at RSA Conference 2012 this week, they are pretty stressed out.
Unfortunately, panelists speaking about hot topics in law and compliance at RSA Conference 2012 appeared to have little hope for a resolution to the tension anytime soon.
Panelist Benjamin T. Wilson, general counsel and senior vice president of industry relations for SSL certificate authority DigiCert Inc., called the tension between government and individuals/businesses a “megatrend” that is driving the compliance regulations being written or modified in 2012. Regulators are torn between individuals and businesses: each wants access to all kinds of information, but also wants all of its own information kept private.
Add in the many and varied regulations of other countries, who are themselves attempting to regulate how data is stored or transmitted, and the job of compliance manager becomes that much more difficult.
Today’s compliance and risk managers are riding the uncomfortable megatrend of tension between access to data and protection of data. Is it a thankless job?
by Lee J
The wait is over, Paragon releases Hard Disk Manager 12
The supported secure-erase algorithms include the US Navy, British HMG Infosec, Gutmann and Schneier methods. Paragon Hard Disk Manager 12 Suite and Paragon Hard Disk Manager 12 Pro are both available as function-limited 30-day trials for PCs running Windows XP or later.
ISWec 2012 At PWTC On March 21-22
... Mansor is scheduled to open the two-day event which will be organised by JFPS Group, a leading business performance enhancement company with affiliated partners worldwide. ISWec 2012 will be held simultaneously with the InfoSec Asia 2012 Conference.
RSA 2012: Stress and burnout in infosec careers
But finding support and information on dealing with info sec career burnout is difficult because resources and knowledge are scant. "If you do a Google search for info sec burnout, you'll find nothing," said KC Yerrid, an information security and ...
by Marcia Savage
Microsoft’s Azure cloud service suffered a worldwide outage that started Tuesday and was apparently triggered by a timing miscalculation for the leap year. The company was continuing to work on Wednesday to resolve the Azure outage, which continued to affect some customers.
Microsoft said it became aware of an issue impacting the service management component of Azure at 5:45 p.m. Pacific Time on Tuesday.
“The issue was quickly triaged and it was determined to be caused by a software bug. While final root cause analysis is in progress, this issue appears to be due to a time calculation that was incorrect for the leap year,” Bill Laing, leader of the Azure engineering team, wrote in a blog post.
Microsoft created a fix and deployed it to most of the Windows Azure sub-regions, which restored the Azure service to most customers by 2:57 a.m. PST on Wednesday, he said.
“However, some sub-regions and customers are still experiencing issues, and as a result of these issues they may be experiencing a loss of application functionality. We are actively working to address these remaining issues,” he said.
In an email statement, a Microsoft spokesperson said some customers in three sub-regions – north central U.S., south central U.S. and North Europe – remained affected late Wednesday afternoon. Customers might have issues with Access Control 2.0, Marketplace, Service Bus and the Access Control & Caching Portal, which could result in loss of application functionality, the spokesperson said.
Windows Azure Storage was not impacted, according to Microsoft.
by Michael S. Mimoso
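The bug class the Azure report names, a year-offset date computation that goes wrong on 29 February, is easy to reproduce. The block below is an added example, not code from this page or from Microsoft, and it illustrates the general class rather than Azure's actual root cause, which the report says was still under analysis at the time. The function names and the constructed `LEAP_DAY_2012` sample date are this example's own.

```python
from datetime import date

# Constructed sample input: the leap day preceding the outage described above.
LEAP_DAY_2012 = date(2012, 2, 29)


def naive_add_years(d: date, years: int) -> date:
    """Move a date forward by replacing only the year field.

    This is the common shortcut that breaks on leap days: 29 February plus
    one year names a day that does not exist in a non-leap year, and
    datetime raises ValueError rather than returning a date. Code that does
    the same arithmetic by hand on year/month/day integers produces an
    invalid timestamp instead of an exception.
    """
    return d.replace(year=d.year + years)


def safe_add_years(d: date, years: int) -> date:
    """Move a date forward by whole years, clamping 29 Feb to 28 Feb when the
    target year is not a leap year. (Rolling forward to 1 March is the other
    common policy; the point is to decide explicitly rather than let the
    calendar decide for you.)
    """
    target_year = d.year + years
    try:
        return d.replace(year=target_year)
    except ValueError:
        # Only 29 Feb can fail here: every other month/day pair exists in every year.
        return d.replace(year=target_year, day=28)


def find_breaking_days(year: int, years_ahead: int = 1) -> list:
    """Probe every day of `year` with naive_add_years and return the dates for
    which the naive arithmetic fails. A cheap regression check for any code
    path that derives an expiry or renewal date from a year offset.
    """
    broken = []
    d = date(year, 1, 1)
    while d.year == year:
        try:
            naive_add_years(d, years_ahead)
        except ValueError:
            broken.append(d)
        d = date.fromordinal(d.toordinal() + 1)
    return broken


if __name__ == "__main__":
    print("naive arithmetic breaks on:", find_breaking_days(2012))        # [2012-02-29]
    print("safe, +1 year:", safe_add_years(LEAP_DAY_2012, 1))            # 2013-02-28
    print("safe, +4 years (leap year):", safe_add_years(LEAP_DAY_2012, 4))  # 2016-02-29
```

Running `find_breaking_days` against every year a service will be live (not just the current one) is the practical takeaway: the failure is silent for 1,460 days and then takes out whatever consumed the bad date.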
RSA Conference 2012 feels like a big ol’ group therapy session. Small circles of friends, larger circles of industry peers, huddled masses freeing themselves of a collective weight on their shoulders. No longer do they have to lie to themselves, their colleagues or bosses. “Hi, I’m Joe Security and I’m pwned!” They’ve come to grips with the fact that it’s OK to say security technologies suck, networks are compromised and attackers are winning.
OK, that last part has always been part of the dialogue. But the other two have only been whispered in the past. Now it’s being shouted at networking events and even from the big keynote pulpit here in San Francisco. Legacy investments in signature-based antivirus, intrusion detection and other detection technologies don’t serve the industry as well as they used to. Signature updates can’t keep up with the evolution of malware. And most attacks are too targeted or too stealthy, or both, to warrant signatures for the masses. It doesn’t work anymore and everyone’s free to say it without repercussion.
Granted, Art Coviello, RSA Security’s chief executive, has a vested interest in shouting it the loudest, but he made a good, encapsulating point during his keynote yesterday: “We have to stop being linear thinkers, blindly adding new controls on top of failed models. We need to recognize, once and for all, that perimeter-based defenses and signature-based technologies are past their freshness dates, and acknowledge that our networks will be penetrated. We should no longer be surprised by this.”
There’s a lot of whispering now about bringing big data concepts to security. Your resume had better soon include some business analytics experience if you wanna be tomorrow’s CISO. You’d also better figure out how to harness all that data your security gear spits out and learn how to baseline “normal” network behavior and address anomalies. And oh yeah, you better know how to talk to your executives about security.
Selling them your initiatives based on fear is so five years ago. You better learn your business, how it makes money, and how to deliver metrics that address not only bottom-line impact, but how the customer experience is affected, how internal processes need to reflect security and how you’re articulating security to the company to turn everyone into an advocate for you.
Journalists and analysts like tipping points and landmarks because it makes it easier for us to articulate our stories to readers. Most of the time those tipping points and landmarks are made up; not this time though. There’s a definite change in the air and some tangible direction for the industry. Let’s see how we did about this time next year.
Posted by InfoSec News on Mar 01: http://www.informationweek.com/news/security/attacks/232601726
Posted by InfoSec News on Mar 01: http://www.networkworld.com/news/2012/022812-mantech-hbgary-256748.html
Posted by InfoSec News on Mar 01: Forwarded from: DeepSec Conference <deepsec (at) deepsec.net>
Posted by InfoSec News on Mar 01: http://news.cnet.com/8301-1009_3-57388136-83/space-station-control-codes-on-stolen-nasa-laptop/
Posted by InfoSec News on Mar 01: http://www.bankinfosecurity.com/articles.php?art_id=4541