A recent research paper that raised questions about the efficacy of RSA public-private key cryptography shouldn't alarm IT security practitioners, says Eugene Spafford of Purdue University. Here's why.
IT security practitioners who employ the RSA public-private key cryptography needn't lose sleep about its efficacy, despite new research that raises questions on how it creates large prime numbers to generate secret keys, IT security authority Gene Spafford says.
RSA Chief Technologist Sam Curry defends the company's approach to public-key cryptography after researchers suggest a flaw in its encryption algorithm, contending the problem exists elsewhere in the security chain.
Smart phones, laptops, tablet PCs, optical discs and USB devices. There are many new mobile devices and emerging technologies to help today's professionals do their jobs in any location - and increasingly private business is being conducted on personal digital and storage devices. Yet, these technologies create new...
"It should provide fuel for anyone calling for data breach legislation to include criminal sanctions ...," says Neal O'Farrell of the Identity Theft Council. "This was nothing short of a clumsy cover-up."
"With a company-issued device, you can issue a policy that says users have no rights of privacy over information on the device," says Javelin's Tom Wills. But with employee-owned devices? A whole new set of issues.
In order to comply with regulatory obligations all financial organizations should encrypt sensitive and confidential data anywhere it might be found or sent. But the ROI is not just compliance. Encryption can not only provide a solid defense against data breaches, but it can generate a positive return and create new...
Though IT business application functions and security-focused practices are expected to be integrated as a single process, secure configuration is the management and control of configurations for information systems to enable security and facilitate the management of information security risk.