EMC's Interpretation - “At most companies today, security projects are being driven by compliance and audit, so what a surprise that they don’t have alignment with the business! Security practitioners are not working on business problems; they are working on regulatory issues.”Now I’m not going to suggest that all regulation is unjustified and that businesses can’t profit from the level playing field that regulation can create. While effective attacks against 1024-bit RSA keys appear unlikely to emerge in the near term, the community has for some years suggested the prudence of a movement away from 1024-bit key lengths by the end of 2010. The U.S. National Institute of Standards (NIST) recommends in its special publication 800-57, "Recommendation for Key Management--Part I: General http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf " (p. 66), that 1024-bit RSA be used to confer data protection only through 2010. Similarly, in May 2003, RSA Labs publishe...

We strive to focus on architectures, methodologies, best practices and the latest technologies designed for proactive strategies that can be used for reducing the IT security risks and meeting the new security challenges. Well, I decided to write this blog inspired by Gartner's information security model. Infrastructure Protection The technology infrastructure is a fundamental to security and it must be fundamentally secure. Enterprises must prevent and limit damage to their business operations by deploying policies, processes, and technologies to detect and block attacks – both internal and external. We endeavour to minimize the vulnerabilities that enable attacks. The enterprise threat environment is changing rapidly, as are the approaches, applications, and technologies enterprises use to engage customers and partners. Therefore, the strategies must change with them. I believe the right approach is to focus on the processes, technologies, and services needed to protect data, app...