Welcome to Collaborative Strategy Guild Where insights are transformed into actions at the intersection of collaboration, information management, security, and business strategy.
|
It is no surprise that EMC has acquired Netwitness. Looks like they are serious about this security stuff 
Here is a list of EMC / RSA acquisitions through the years, for your historical enjoyment:
- July, 2001 RSA Security acquires Securant
- March, 2006 EMC acquires Authentica
- April, 2006 RSA Security acquires PassMark
- June, 2006 EMC acquires RSA Security
- September, 2006 EMC acquires Network Intelligence
- February, 2007 EMC acquires Valyd
- June, 2007 EMC acquires Verid
- August, 2007 RSA Security acquires Tablus
- May, 2009 EMC acquires ConfigureSoft
- January, 2010 EMC acquires Archer Technologies
- April, 2011 EMC acquires Netwitness
Continue reading: EMC (RSA) Acquires Netwitness
Mike Rothman of Securosis stirs things up a bit with his “Risk Metrics are Crap” post. This type of exercise forces participants to make public commitments. In itself, this is not a huge deal since many positions of those in our space are relatively well documented already, however, anyone familiar with Cialdini knows that commitment serves to reinforce positions and not promote compromise or learning. Not surprisingly, nobody changed sides. In fact, nobody moved an inch (or maybe that’s a “teeny-tiny bit” for those quant-averse participants).
More importantly, nobody is budging because there is nothing new here. Mike simply took semi-random potshots at risk quantification, used a lot of potty language and then sat back. Perhaps the most… Continue reading: Attention InfoSec Pros: measuring risk is in your future
(is that title the proper English spelling of two kids disagreeing? who knows…)
Andrew Gelman’s enlightening blog points to a great example how scientific research helps us get smarter. He excerpts:
Three articles published [by Brett Pelham et al.] have shown that a disproportionate share of people choose spouses, places to live, and occupations with names similar to their own. These findings, interpreted as evidence of implicit egotism, are included in most modern social psychology textbooks and many university courses. The current article successfully replicates the original findings but shows that they are most likely caused by a combination of cohort, geographic, and ethnic confounds as well as reverse causality.
[Unfortunately, the entire original appears to be behind a paywall.]
The studies… Continue reading: Nuh, uh; Yuh, huh
At what point did you begin to recognize that the world is much more complex than you think and that humans are even more complex than that? Eric Butler shows a kind of youthful ignorance that would be admirable if it weren’t destructive. To say, “I reject the notion that something like Firesheep turns otherwise innocent people evil” is such an oversimplification it doesn’t leave much to argue with. I mean people are either innocent or evil. That’s simple. Of course, since nobody is innocent, that makes us all… well, you get the picture.
What that statement really is, is a copout. As if he believes the 500+ thousand people downloading Firesheep are all innocent. It is recognition of the power… Continue reading: Firesheep makes us all evil
Michael Janke at Last In, First Out is rightly concerned about the respective run rates of the vulnerability creation process and our ability to fix them individually. He asks the question “Are we creating new vulnerabilities faster than we are fixing old ones?” after providing a list of publicly disclosed vulnerabilities from various time periods.
I am not clear whether this list of disclosed vulnerabilities is intended to represent vulnerabilities created or fixed (it is neither), but it certainly does its job in highlighting the problem. It is worth first understanding that vulnerabilities can exist in various states after creation – undiscovered/discovered; undisclosed/disclosed (publicly); and unfixed/fixed, giving us 8 different possible state combinations (though 2 are… Continue reading: Vulnerability Creation vs. Discovery vs. Fix
|
|
