BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Archive for July, 2011

Data Governance – Why and How?

In my first blog post I talked about proving and maintaining compliance for data governance rules defined for file system resources in the enterprise. This post will continue the discussion of data governance, reviewing some of the reasons organizations are implementing these policies and processes as well as the main challenges associated with defining the rules…

Post by Morgan Holm July 30, 2011

Intent Versus Actions And Least Privilege

Insider threats are a global phenomenon. Every company in every part of the world is subject to some level of insider threat. And guess what? Insider villains are just as unidentifiable in the UK as they are in the US. They appear just as innocuous in Poughkeepsie as they do in Perth.

Post by Peter McCalister July 29, 2011

Game Theory, Audit Logs And Corporate Governance

Game theory and audit logs are two topics you don’t frequently see linked. But some recent research from the Center for Digital Strategies at the Tuck School of Business at Dartmouth College linked the two topics and showed that technology can play a critical role in reinforcing the human elements of good security.

Post by Peter McCalister July 28, 2011

If You Can’t Change It, You Can’t Govern It

Corporate governance ensures accountability across the extended enterprise. It facilitates staying competitive and satisfying ever-changing government regulations while providing mechanisms and controls to reduce the inefficiencies that arise when individuals misuse privileges granted to them.

Post by Peter McCalister July 27, 2011

The Outside Insider Threat

Gone are the days when insider threats meant you either had a malicious employee or someone made a mistake; in today’s world the insider threat is far more complex, often starting from the outside and working its way in.

Post by Peter McCalister July 26, 2011

How To Truly Support Mac OS X Lion

Supporting Mac OS X 10.7 Lion means more than just checking a box on a list of supported platforms. It means that you’ve engineered your product to take full advantage of the features of Lion, and deliver a seamless end-to-end experience for users and administrators.

Post by Peter McCalister July 25, 2011

Insider Hero Introduced: Compliance Carl

In order to put a face on the depth and breadth of potential insiders that can be found throughout your enterprise, I will introduce you to three insider villains and three insider heroes. Each villain will represent one of the key misuses of privileges and each hero will represent key values delivered by least privilege. This sixth and final introduction will be of the most unlikely hero.

Post by Peter McCalister July 22, 2011

Can You Put a Yellow Sticky on Your Cloud?

Brian Anderson and I have written several blog posts on user IDs. Brian concluded that the average user seems to either have a relaxed sense of security, a love for Abbott and Costello-like humor, or is just lazy when it comes to identity-related security. Our new colleague Luke Dieker, who focuses on Identity Services, has blogged about the importance of yellow sticky notes to password management. He observes that it’s a challenge to change the habits of the many users who adorn their screens with Post-it notes listing various passwords, or for the more security-conscious among them, sticking passwords under their keyboards.

Post by Peter McCalister July 21, 2011

Insider Villain Introduced: Identity Thief Irene

In order to put a face on the depth and breadth of potential insiders that can be found throughout your enterprise, I will introduce you to three insider villains and three insider heroes. Each villain will represent one of the key misuses of privileges and each hero will represent key values delivered by least privilege. This fifth introduction will be of the craftiest villain.

Post by Peter McCalister July 20, 2011

Why Exploitability Matters

The most common vulnerability scoring system used by vendors and regulatory initiatives is CVSS (the Common Vulnerability Scoring System). It provides a vendor-agnostic open scoring standard to model vulnerability severity and provide guidance on prioritization of remediation efforts. The basic metrics allow for rating a vulnerability based on the severity of its components like…

Post by Morey Haber July 19, 2011