Archive for February, 2011
Gimme Shelter … From Governance, Risk & Compliance Issues
In the on-going debate of best rock band ever between the Beatles and the Rolling Stones, I have, and will ever, fall into the Stones camp. With that said, this is a least privilege forum so I need to endeavor to stick to the subject at hand as Keith’s guitar wails in the background and Mick’s vocal starts “Oh, a storm is threatening.”
Use Me (Or My Password)
Wednesday’s car ride prompts a Classic Rock play list on the iPod and what do you know… Bill Wither’s “Use Me” spawns yet another blog courtesy of the line “Cause I sure am using you to do the things you do.” Without privilege identity management, your users will be used to do the things you don’t want them (or anyone) to do.
Top VM Reports for Healthcare
Every few weeks, I find myself on the road visiting clients, working at tradeshows, and reviewing the latest solutions in security. eEye’s solutions touch almost every vertical market and some of them recognize the need for better vulnerability assessment solutions and reporting over others. When I visit clients in the Healthcare industry, I find a level…
The Difference with Insiders
The online security hacking group Anonymous has been making a lot of headlines recently. They committed denial of service attacks on companies like Mastercard, VISA and Paypal – companies who cut off Wikileaks from their services.
I Am the Ostrich, Goo Goo G’joob
The top is down on my convertible and I hear “I am he as you are he as we are all together. See how they run…” blasting on the radio and what do I think of? Yep, privilege identity management.
Prioritizing Vulnerability Assessment and Remediation Steps: A New Users Guide to Getting Started – Part 2
The odd part about writing weekly blogs is the amount of discussions that start internally, with clients directly, and sometimes through straight blog comments. After writing “A New Users Guide to Getting Started” article, my team indicated several really good ideas for a Part II follow-up blog. Simply, just getting started with vulnerability management is not enough….
RSA Survey: No Trust for Cloud Vendors, Wikileaks
At this year’s RSA we had a swat team passing out surveys – over 111 responses – to find out if people trust their cloud vendors with their data.
Thoughts From Another Successful RSA
17,000 security professionals descended on Moscone Center in San Francisco this week for the annual RSA pilgrimage of education, communication and motivation. Now that the event is over and everyone is heading back to their respective everyday roles, I thought I pass along a few observations to commemorate what was easily one of the better shows in the last couple of years for the security industry.
Cloud Computing Security in Public Clouds
We’ve said before that corporations need to take ownership and responsibility for overseeing and requiring compliance and security policies of their cloud vendors. Well, now it’s official, the industry agrees with us.
5 Things to Tell the CEO about Admin Privileges
Every organization has their own quirks. Sometimes leadership isn’t involved enough for certain projects to be successful. Other times they’re too involved. And sometimes it feels like everything is just too much of a mess. This is especially true when it comes to IT security and compliance across physical, virtual and cloud environments.
