Access governance: Identity management gets down to business; NetIQ integrates former Novell IDM tools

From the nuts-and-bolts IT perspective, identity management has been heavily focused on getting the job of assigning privileges, authentication and access controls done efficiently, and on simplifying user access across multiple and disparate systems and applications. In large organizations, that means making provisioning and de-provisioning, single sign-on, etc. easier, cheaper and, as a side benefit, more secure, as enterprises try to eliminate “ghost” accounts of terminated employees and reduce the security risks and support headaches of multiple passwords. Access governance, on the other hand, approaches identity management from a business perspective. That’s where products such as NetIQ’s Access Governance Solution (AGS) and others come in.


Remember Anonymous’ call to speak with our feet
against CISPA? How’s that working out for ya?

I haven’t really had a chance to check in on Anonymous’ planned physical protests against the Cyber Intelligence Sharing and Protection Act (CISPA) announced in a five-minute plus video (but feeling as interminable as an M. Night Shyamalan film) shortly after the U.S. House of Representatives passed it late last month. The cyber crusaders called, in succession in early May, for organized physical protests at your nearest AT&T (which the digitized voice pronounced “At and Tee”), IBM and Intel headquarters. I hadn’t seen anything on the news, but assume that CNN, Fox and Al Jazeera had suppressed the news of the mass demonstrations.


Energy sector threats keep us up at night;
McAfee/Intel unveils multilayer protection plan

Potential threats to the nation’s energy supply, generation and distribution systems attract intense scrutiny not so much because of what has happened but because of what we believe could happen. The specter of an attack that could severely impair, for example, the distribution of electricity in much the same way Stuxnet damaged the Iranian uranium enrichment program, raises alarms that no number of credit card or personally identifiable information (PII) breaches can. McAfee/Intel’s new vision for security in the energy sector is a tiered deployment of its wide range of existing tools to monitor and enforce critical infrastructure protection policies and procedures.


Most states aren’t well prepared for cyber attacks:
Don’t be surprised, don’t be alarmed, but be concerned

Cyber security is not a top priority for state governments, and they are not well prepared to deal with cyber threats. In fact, cyber security ranks at the bottom of 31 critical areas in terms of readiness, according to a report issued by the Federal Emergency Management Agency (FEMA). Though we tend (I tend) to see the world in terms of information security, because it’s what we do, the findings are not a cause for alarm. Not yet.


You want some good numbers? Check out the InformationWeek security survey

I’ve grown to anticipate the annual InformationWeek Strategic Security Survey with some enthusiasm. It’s one of the better-conceived surveys around, covers a wide range of sectors and organization sizes, and has a sufficiently large sample (946 IT and security professionals) to be statistically significant. And it’s chock full of interesting information about what troubles enterprises and what they are and are not doing about it.


BeyondTrust expands security coverage with eEye Digital acquisition

BeyondTrust continues to expand its security portfolio, announcing the acquisition of risk management vendor eEye Digital Security, whose menu of enterprise and cloud products has been built out starting with its venerable Retina network vulnerability scanning tool.


Skillz are more important than your degree in security

Two words: “Learn tools.”

It’s graduation season and time to address careers in IT security. I can’t help thinking back to May 1982, the month 30 years ago when I graduated from the University of Michigan as an aerospace engineer. I had done the rounds of campus interviews but was not excited about going to work for aerospace giants, none of whom were working on rockets. The Space Shuttle program was already completed, with no new rockets in the works anywhere. I had made a grave error when I transferred to Michigan’s aerospace program from Wisconsin halfway through college. My 3.8 GPA was wiped out because grades did not transfer and many credits did not. All those easy-to-ace classes in calculus, physics and chemistry were behind me. Advanced classes in flight dynamics, control systems, thermodynamics and fluids were ahead of me.


Old remedies don’t work on new threats;
SANS panel will discuss alternative medicine

Organizations spend lots of money on a variety of security products but they are frustrated because they are still getting compromised. Why? The threats organizations face have changed in the past year or two, but the way we approach security hasn’t.

“When you’re dealing with the common cold, you wait for the first symptom to appear,” says Cole, who will lead a panel discussion on emerging security threats and trends at the upcoming SANS Security West conference (May 10-18, 2012).


Panel: Survey suggests healthcare may be talking the talk,
but breaches show it isn’t walking the walk

Healthcare is data security’s poor relation. Despite some evidence of positive effort, data breaches are on the rise, and most healthcare organizations just don’t quite get the importance of security, focusing too much on the form of regulatory compliance and too little on substance, according to a panel discussing the recently released 2012 HIMSS Analytics Report: Security of Patient Data.


Fido exposed through identity verification:
“Please provide name, DOB birth and species”

There’s a classic cartoon depicting a dog using a computer, with a caption that says, “On the Internet, no one knows you’re a dog.” It’s funny, but true. When you have any sort of web-based business, you really don’t know who is on the other end of the transaction.
