BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

July, 2011

Data Governance – Why and How?

Posted July 30, 2011    Morgan Holm

In my first blog post I talked about proving and maintaining compliance for data governance rules defined for file system resources in the enterprise. This post will continue the discussion of data governance, reviewing some of the reasons organizations are implementing these policies and processes as well as the main challenges associated defining the rules…

Tags:
, , , , , , ,
villain trio

Intent Versus Actions And Least Privilege

Posted July 29, 2011    Peter McCalister

Insider threats are a global phenomenon. Every company in every part of the world is subject to some level of insider threat. And guess what? Insider villains are just as unidentifiable in the UK as they are in the US. They appear just as innocuous in Poughkeepsie as they do in Perth.

game theory

Game Theory, Audit Logs And Corporate Governance

Posted July 28, 2011    Peter McCalister

Game theory and audit logs are two topics you don’t frequently see linked. But some recent research from the Center for Digital Strategies at the Tuck School of Business at Dartmouth College linked the two topics and showed that technology can play a critical role in reinforcing the human elements of good security.

governance

If You Can’t Change It, You Can’t Govern It

Posted July 27, 2011    Peter McCalister

Corporate governance ensures accountability across the extended enterprise. It facilitates staying competitive and satisfying ever-changing government regulations while providing mechanisms and controls to reduce the inefficiencies that arise when individuals misuse privileges granted to them.

Tucks

The Outside Insider Threat

Posted July 26, 2011    Peter McCalister

Gone are the days when insider threats meant you either had a malicious employee or someone made a mistake; in today’s world the insider threat is far more complex, often starting from the outside and working its way in.

os lion

How To Truly Support Mac OS X Lion

Posted July 25, 2011    Peter McCalister

Supporting Mac OS X 10.7 Lion means more than just checking a box on a list of supported platforms. It means that you’ve engineered your product to take full advantage of the features of Lion, and deliver a seamless end-to-end experience for users and administrators.

apple

Mac OS X Lion OpenLDAP Security Bypass

Disclosed July 25, 2011    Fully Patched
Vendors: Apple
Vulnerability Severity: High
Exploit Impact:
Exploit Availability:
Carl-resized-600

Insider Hero Introduced: Compliance Carl

Posted July 22, 2011    Peter McCalister

In order to put a face on the depth and breadth of potential insiders that can be found throughout your enterprise, I will introduce you to three insider villains and three insider heroes. Each villain will represent one of the key misuse of privileges and each hero will represent key values delivered by least privilege. This sixth and final introduction will be of the most unlikely hero.

sticky

Can You Put a Yellow Sticky on Your Cloud?

Posted July 21, 2011    Peter McCalister

Brian Anderson and I have written several blog posts on user ID’s. Brian concluded that the average user seems to either have a relaxed sense of security, a love for Abbott and Costello-like humor, or are just lazy when it comes to identity-related security. Our new colleague Luke Dieker, who focuses on Identity Services, has blogged about the importance of yellow sticky notes to password management. He observes that it’s a challenge to change the habits of the many users who adorn their screens with Post-it notes listing various passwords, or for the more security conscious among them, sticking passwords under their keyboards.

irene2

Insider Villain Introduced: Identity Thief Irene

Posted July 20, 2011    Peter McCalister

In order to put a face on the depth and breadth of potential insiders that can be found throughout your enterprise, I will introduce you to three insider villains and three insider heroes. Each villain will represent one of the key misuse of privileges and each hero will represent key values delivered by least privilege. This fifth introduction will be of the craftiest villain.