The 2015 RSA Conference provides security professionals access to myriad keynotes, educational sessions and solutions for today’s cybersecurity risks. Whether you’re headed to San Francisco for the conference April 20-24 or you’re observing cybersecurity trends from your office, here is a sampling of some of the trends, products and services showcased at this year’s event.
Keep Up to Date with the Latest Cybersecurity Compliance Challenges
This online cybersecurity tool features information on cybersecurity-related mandates and regulatory risk, providing instant online access to critical information about cybersecurity laws, regulations and generally accepted standards in 23 key markets in the Americas, Asia-Pacific, Europe and the Middle East, as well as four sectors in the U.S.
The tool, CyberTrak from Blue Edge Lab and the Internet Security Alliance, provides brief summaries of requirements and assessments on enforcement risk and the degree of activity in the requirement. CyberTrak is designed to help General Counsels, CIOs, CISOs, security leaders, risk officers and legal, technology, IT and procurement departments of multinational enterprises make better risk management decisions and to reduce the expenses of keeping up with changing regulatory requirements. This enables security leaders stay informed about cybersecurity in a cost-effective way, leaving more resources for other aspects of a strong cybersecurity program.
The tool will be updated three times per year, with interim updates when major changes occur. CyberTrak offers guidance in key areas, including regional cybersecurity and data security requirements in major economies around the world, restrictions on monitoring and on deployment of security technology, and protocols for notifying regulators and individuals of a hacking incident of a loss of data.
Learn more about CyberTrak at www.BlueEdgeLab.com
Leverage Your IT Infrastructure to Support IP-Based Access Control
Does your current physical access control system leverage network hardware technology without utilizing your enterprise’s IT infrastructure? If so, it could be missing a chance to benefit from existing security services and cybersecurity protections. Viscount’s Freedom IP-based building security system enables security leaders to use the significant security and power of existing IT infrastructure to manage the data these networked systems are using to provide electronic access control.
Microcomputers, such as those in IP-based access control readers, are often left outside the protection of IT departments, which creates vulnerabilities for hackers to exploit. The Freedom system is a next-generation PACS (physical access control system) architecture, which is IT-centric for computing and networking functionality, as well as infrastructure management functionality and network/cybersecurity.
The Freedom architecture provides a path for IT and security professionals to connect and improve enterprise system security together. The IT team can better understand security technology and processes, helping with future adoptions and assisting CSOs to integrate current and new technologies with other business systems to create value.
Learn more about this system and PACS architecture at Viscount.com
Protects Sensitive Emailed Data Automatically
Mission-critical or sensitive information is the lifeblood of an enterprise, but keeping it protected in the electronic age is a challenge. TITUS’s Classification Suite 4 – to be released April 21 at RSA 2015 – identifies and protects an enterprise’s information assets using data classification and fine-grained policy control to help gain control over unstructured data.
This system promotes a culture of security, mitigates risk and enables secure collaboration by combining user engagement with guided and automated protection. Customizable alerts in this suite warn users of special information handling considerations or possible impending security violations based on the content of their emails or documents to be sent. The suite also offers a new flexible policy capability that can make complex decisions by comparing multiple factors in a message, including the author, the information, the recipients and more. So, for instance, if an HR employee is attempting to send potentially sensitive employee records to someone outside his or her department, it could raise an alert.
The new version also enables security leaders to set up policies to 1) classify email based on recipients; 2) protect email based on the content or classification of attachments; 3) classify and protect documents based on content, file name or location; and 4) prevent printing of sensitive documents to non-secure printers.
Find out more about this system at Titus.com
Focus on Highest Risk Vulnerabilities
The Frontline Vulnerability Manager from Digital Defense, Inc. provides advanced network endpoint correlations to offer accuracy from scan to scan in order to save organizations valuable time and resources by facilitating security professionals to identify and focus on critical vulnerabilities that pose the highest risk. The system is underpinned by a patented scanning technology that is context aware, which enables the identification of critical flaws that are not detected by other scanning engines.
Instead of delivering mountains of data on vulnerabilities, this system streamlines the project management of analysis and remediation. Digital Defense, Inc.’s Security GPA product allows users to quickly discern their security posture and evaluate historical data from scan to scan to see differences and develop metrics to show the C-Suite.
The new version is mobile-friendly, and can be accessed via browsers, tablets and mobile devices.
Learn more about this system at www.ddifrontline.com
Advance Your Cybersecurity Skills and Knowledge
More than 92 percent of organizations hiring cybersecurity professionals this year say it will be difficult to find skilled candidates, according to a new study by global IT association ISACA. In response to this shortage, ISACA is launching a new online course through its Cybersecurity Nexus called “Cybersecurity Fundamentals.”
The course will cover cybersecurity principles, information security within lifecycle management, risks and vulnerabilities, incident response and more.
The course is designed for individuals with zero to three years of cybersecurity experience, and it helps learners prepare for the ISACA Cybersecurity Fundamentals exam and to earn the Cybersecurity Fundamentals Certificate, which is a knowledge-based certificate aligned with NIST’s National Initiative for Cybersecurity Education (NICE).
According to Robert E. Stroud, CGEIT, CRISC, international president of ISACA and vice president of strategy and innovation at CA Technologies: “Course participants will gain key insights into cybersecurity and the integral role of cybersecurity professionals. The interactive, self-guided format provides a dynamic learning experience where users can explore foundational cybersecurity principles, security architecture, risk management, attacks, incidents, and emerging IT and IS technologies.”
Learn more about the course at www.isaca.com/cyber
SIDEBAR: The New Tough Tightrope – Mobility, Usability and Cost
By Anna Zetterholm, Marketing Manager for Keypasco
The Information Age has offered us a world of opportunities along its evolution, but as the accessibility of information has grown in high speed it has created a double-edged sword. With opportunities comes risk, and cybercrime continues to increase and drive the industry to constantly seek innovation to secure users. Further complicating this are the driving factors of the end users, which are more in line with usability without many thoughts about security.
This driver is the strongest force behind the move from traditional security-equipped desktop to the less secure mobile devices, and what the latest trends have shown is that mobility is here to stay.
According to Gartner the market trend of mobility is very strong, and by 2020 we will have 7.3 billion smartphones, tablets and laptops in the world and 26 billion connected items through the Internet of Things. This creates a security dilemma.
The combination of security limitations within mobility and the users wish for usability has pushed service providers to explore mobility options, such as eBanking, eCommerce, online gaming etc.
Mobility is a revolution in flexibility, and the only way to secure mobility is to sculpt security in the same mold! A user should be able to do what they want, no matter if that means checking a bank statement in the check-out line or send a private message to your friend, and the service provider should be able to keep the investment and on-going costs to a minimum while employing a solution that rapidly adjusts to new emerging threats. This is the only way for security to move as the market is.