Archive for July, 2011
In my first blog post I talked about proving and maintaining compliance for data governance rules defined for file system resources in the enterprise. This post will continue the discussion of data governance, reviewing some of the reasons organizations are implementing these policies and processes as well as the main challenges associated defining the rules…
Insider threats are a global phenomenon. Every company in every part of the world is subject to some level of insider threat. And guess what? Insider villains are just as unidentifiable in the UK as they are in the US. They appear just as innocuous in Poughkeepsie as they do in Perth.
Game theory and audit logs are two topics you don’t frequently see linked. But some recent research from the Center for Digital Strategies at the Tuck School of Business at Dartmouth College linked the two topics and showed that technology can play a critical role in reinforcing the human elements of good security.
Corporate governance ensures accountability across the extended enterprise. It facilitates staying competitive and satisfying ever-changing government regulations while providing mechanisms and controls to reduce the inefficiencies that arise when individuals misuse privileges granted to them.
Gone are the days when insider threats meant you either had a malicious employee or someone made a mistake; in today’s world the insider threat is far more complex, often starting from the outside and working its way in.
Supporting Mac OS X 10.7 Lion means more than just checking a box on a list of supported platforms. It means that you’ve engineered your product to take full advantage of the features of Lion, and deliver a seamless end-to-end experience for users and administrators.
In order to put a face on the depth and breadth of potential insiders that can be found throughout your enterprise, I will introduce you to three insider villains and three insider heroes. Each villain will represent one of the key misuse of privileges and each hero will represent key values delivered by least privilege. This sixth and final introduction will be of the most unlikely hero.
Brian Anderson and I have written several blog posts on user ID’s. Brian concluded that the average user seems to either have a relaxed sense of security, a love for Abbott and Costello-like humor, or are just lazy when it comes to identity-related security. Our new colleague Luke Dieker, who focuses on Identity Services, has blogged about the importance of yellow sticky notes to password management. He observes that it’s a challenge to change the habits of the many users who adorn their screens with Post-it notes listing various passwords, or for the more security conscious among them, sticking passwords under their keyboards.
In order to put a face on the depth and breadth of potential insiders that can be found throughout your enterprise, I will introduce you to three insider villains and three insider heroes. Each villain will represent one of the key misuse of privileges and each hero will represent key values delivered by least privilege. This fifth introduction will be of the craftiest villain.
The most common vulnerability scoring system used by vendors and regulatory initiatives is CVSS (the Common Vulnerability Scoring System). It provides a vendor agnostic open scoring standard to model vulnerability severity and provide guidance on prioritization of remediation efforts. The basic metrics allows for rating a vulnerability based on the severity of its components like…