RSA, The Security Division of EMC, is the premier provider of security, risk and compliance solutions, helping the world’s leading organizations succeed by solving their most complex and sensitive security challenges. Every year RSA hosts a conference for the security industry, presenting the latest research, findings, threats and challenges of the internet. Here’s a collection of this year’s headlines, as they were published during the conference in San Francisco last week.
RSA fraud prevention solutions reduce the risk of fraud and identity theft by assuring user identities, monitoring for high-risk activities and mitigating the damage caused by external threats such as phishing, pharming, Trojans and other cyber threats. The key words of 2011 are “cloud computing,” “phishing,” “smart grids” and “espionage.”
The Top Story:
Cloud computing contracts: tread carefully
RSA panel offers advice on legal considerations for organizations entering cloud service provider contracts.
Collaboration crucial for fighting phishing techniques
Phishing’s not going away any time soon, but clear communication and cooperation between organizations sending emails to their customers and the web mail providers that filter those emails can help cut down on the number of phishing attempts that hit inboxes, said a panel at RSA Conference 2011.
McAfee-Wind River partnership to foster mobile, embedded system security
The deal will put McAfee’s ePolicy Orchestrator agent inside Wind River’s embedded operating systems, enabling enterprises to boost embedded system security to non-traditional endpoints.
RSA attendees skeptical about cloud service provider security
Attendees at the RSA Conference 2011 said cloud computing is good for certain business applications, but they’re leery of putting sensitive applications, such as those used in health care or education, in the cloud.
Smart grid security issues hinge on infosec, operator teamwork
Bridging the chasm between information security and utility infrastructure teams is the only way to solve smart grid security issues. Fortunately, NERC CIP compliance is forcing change.
Cloud computing compliance: Visibility key
Transparency is essential for security and compliance when working with cloud services providers, RSA panelists say.
APT detection, prevention are hard, but possible
A panel at RSA 2011 explains the organization and methodology behind targeted persistent attacks and what organizations can do to detect and respond to APT.
Unique attacks highlight Internet espionage trends
Attackers are using malware samples that researchers have never seen before — and will never see again — to successfully steal data from unsuspecting organizations, governments and individuals.
Survey reveals skills needed in IT security pros
A survey by certification firm (ISC)2 found a need for IT security professionals to improve application development processes and expertise to weigh cloud computing risks.
RSA panel debates cyberwar definition, realities
At RSA Conference 2011, a panel of experts, including Bruce Schneier and former DHS secretary Michael Chertoff, discussed cyberwar, espionage and how the ground rules for handling such conflicts will be decided.
Move to IPv6 could help spambots churn out more spam, malware, says botnet expert
Antispam measures that rely on IP blacklisting could be less effective if Internet Service Providers take the wrong approach to IPv6, said prominent malware expert Joe Stewart.
RSA 2011: Schmidt-led Town Hall confronts public-private cooperation – again
At RSA Conference 2011, a Town Hall-style meeting of government cybersecurity officials pressed for continued public-private sector cooperation.
Kaminsky, DNSSEC deployment experts say protocol will boost security
Network security expert Dan Kaminsky touts the security improvements DNSSEC provides, but admits that it will take time for businesses and consumers to reap the benefits.
Signature-based antivirus dying, but bigger problems loom
While security pros should be concerned with the decreasing efficacy of signature-based antivirus, employee threats should warrant increasing attention.
Microsoft security chief stumps for Internet health check system
Microsoft Vice President of Trustworthy Computing Scott Charney at the RSA Conference 2011 discussed Collective Defense, Microsoft’s proposed Internet health check system for consumer computers, and how it should be implemented not by governments and ISPs, but by enterprises.
Focus on people, not technology, cryptographer says
A prominent encryption expert at the annual cryptographers’ panel at RSA Conference 2011 said poorly implemented encryption deployments are being stymied by employee errors.
Software fraud, phony electronic parts pose serious security risks, expert says
A supply chain management expert studying ways companies can crack down on cheaply made imitation parts and software is urging software makers and manufacturers of electronic devices to develop better technologies to weed out fraudulent items.
White House CIO talks up cloud computing strategy
White House chief information officer (CIO) Vivek Kundra on Monday outlined the U.S. government’s strategy for cloud computing, a shift he said is critical in order to cut costs and improve efficiency.
Better methods needed to discover network configuration flaws
Examining firewall logs is not enough and most common network penetration tests often miss network misconfiguration issues, leaving sensitive information vulnerable to outside attackers, said a prominent network security expert.
Symantec turns to reputation security to bolster malware signatures
Symantec Corp. is adding new reputation scoring technology to its enterprise endpoint protection suite in a move security experts and analysts say will force its competitors to react by bolstering similar technologies.
Emerging theme at RSA Conference 2011 may be ‘mostly cloudy’
For the last several years, security experts and vendors at the RSA Conference have explained the risks associated with the use of cloud-based services. Far fewer have identified specific ways to protect data in the cloud. That may change at RSA Conference 2011.
Cloud computing security summit draws growing crowd
Cloud Security Alliance event expands to accommodate growing interest.
IT security career experts to dish out practical advice at RSA Conference 2011
Information security growth is fueling fierce competition among job applicants, according to Lee Kushner and Mike Murray, IT security career experts who follow the industry closely. Both career experts will be participating in an information security career development session at the RSA Conference 2011.
Security B-Sides brings its buzz back to San Francisco and RSA Conference
Security B-Sides isn’t just for big conference rejects any more. This little-conference-that-could has grown up and become a force on the information security speaking scene. Its latest incarnation springs up Monday, a day ahead of the official start of RSA Conference 2011, around the corner from the giant Moscone Center, home to the security industry’s biggest annual event.
Source: SearchSecurity.com
Cyber Security Is Waste of Money, OECD Advisers Say
Under the pseudonym “Hugo Cornwall”, Peter Sommer published the infamous “Hacker’s Handbook” in 1985. Since then he has become a noted security researcher and expert witness. Now he has co-authored a report for the Organisation for Economic Co-operation and Development (OECD) which warns governments against swallowing wholesale stories about “cyber-war” and “cyber-weapons”.
According to the report “Reducing Systemic Cybersecurity Risk,” published today, a true cyber-war would have the same destructive effects as a conventional war, but would be fought exclusively in cyberspace. However, such a war is “highly unlikely” to occur, the OECD report says.
“Governments should take a calm, disciplined approach and evaluate the risks of each type of attack very carefully rather than be swayed by scare stories,” says Peter Sommer of the London School of Economics, one of the two authors of the just-released report on cyber security.
Co-authored with computer scientist Ian Brown of the Oxford Internet Institute, UK, the report says online attacks are unlikely ever to have global significance on the scale of, say, a disease pandemic or a run on the banks.
But they say “localized misery and loss” could be caused by a successful attack on the Internet’s routing structure, which governments must ensure is defended with investment in cyber-security training.
Jay Abbott, security manager at the consultancy PricewaterhouseCoopers, agrees that the routing structure is indeed vulnerable, newscientist.com writes.
“Short of physically cutting the wires, it’s the best way to take down a country from the internet,” he says.
Analysis of cyber-security issues has been weakened by the lack of agreement on terminology and the use of exaggerated language, the report points out.
“Cyber-espionage is not a few keystrokes away from cyber-war, it is a method of spying,” the authors write.
Controversially, the OECD advises nations against adopting the Pentagon’s idea of setting up a military division – as it has under the auspices of the US Air Force’s Space Command – to fight cyber-security threats.
“While vested interests may want to see taxpayers’ money spent on such ventures,” says Sommer, “the military can only defend its own networks, not the private-sector critical networks we all depend on for gas, water, electricity and banking.”
Here’s a copy of the report: “Reducing Systemic Cyber Security Risk”
I just have one question: Who will decide which hardware, computers and software are “systemically important,” or not?
