BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Time Is Of The Essence When Implementing Security Best Practices

Posted October 18, 2011    Peter McCalister

Six years ago the U.S. Government Accountability Office (GAO) criticized the IRS for lax security practices. Now it would seem that six years is plenty of time to get the right security policies in place, but while the IRS is showing progress, it has yet to remediate 65 of the 88 previously reported weaknesses – and now the most recent GAO audit has turned up 37 new weaknesses to add to the list. This news affects every tax-paying citizen in the U.S., as all of our information is at risk, and it’s a good example of why every organization needs to be paying attention to their own security policies.

It was reported that many of these security deficiencies are related to access control, configuration management and segregation of duties. Every day that employee responsibilities are not clearly defined and the right least privilege policies are not in place, the IRS, is putting their sensitive information – OUR sensitive information – at risk. Security weaknesses in these critical areas increase the risk of insider threats, both accidental and intentional.

Six years is way too long to know there are gaping holes in your security without taking steps to fix the problems. There isn’t time to waste, as every day that goes by without a security breach is just dumb luck. Organizations, including the IRS, need to take action now to implement comprehensive security plans, starting by getting least privilege and segregation-of-duty policies in place right away.

Leave a Reply

Additional articles

flash-logo

Adobe Patches Zero-Day Flaw Being Exploited in the Wild

Posted January 22, 2015    BeyondTrust Research Team

Earlier this week, French malware researcher Kafeine reported on a new Adobe Flash zero-day vulnerability that was being exploited in the wild using the latest versions of the Angler Exploit Toolkit. “Any version of Internet Explorer or Firefox with any version of Windows will get owned if Flash up to 16.0.0.287 (included) is installed and enabled”…

Tags:
, , , , ,

Your Data Security Strategy Starts with Deploying a Least Privilege Model (part 2 of 2)

Posted January 22, 2015    Scott Lang

In last week’s blog, we talked about how controls and accountability must be put into place so that only the right folks can access data and the systems on which that data resides, and that employing a least privilege model helps to achieve that and more. We’re using conclusions and data from a recent report…

Tags:
, , , ,
Larry-Brock-CISO

Basic Blocking and Tackling for Defending Against Advanced Targeted Attacks

Posted January 22, 2015    Larry Brock

With football season at its pinnacle at both the college and professional levels, the best teams continually focus on the fundamentals that make them successful. In security, we need to do the same.  It is okay for us to have a few key plays, especially in certain industries where we have to focus on unique…

Tags:
, , , , ,