The article includes details of how Commerzbank – Germany’s second-largest banking institution – safeguards its infrastructure from insider threats using a combination of Enterprise Random Password Manager from Lieberman Software and ArcSight Enterprise Security Manager.
The important thing to know is that Identity and Access Management (IAM) systems generally don’t provide either PIM or PUM capabilities since privileged identities are associated with hardware and software assets, and not with the individual user identities controlled by IAM.
This week there was speculation in the press that the infamous Stuxnet worm is actually purpose-built malware designed to cripple a single targeted institution: Iran’s Bushehr Nuclear facility.
For the most part, PCI-DSS is a good idea that improved the overall security of credit card payment handlers. However, PCI security flaws exist.
A recent New York Times article, “A Strong Password Isn’t the Strongest Security,” offers a great assessment of the complacency of many IT security professionals. The assertion that password strength is not as important as protecting passwords against interception has some real validity. However, user logins are just one aspect…
Now that we’ve reached the last real month of summer, the US vacation season will slowly wind down. However, if the 2010 Global Security Report from Trustwave is any indication, the hospitality industry won’t feel relief from hackers anytime soon. According to the multi-industry report, hackers infiltrated hospitality services more…
Paul Roberts posted an interesting story on Threatpost about the limitations of conventional password security.
Not surprisingly, the research also identified the misuse of privileges as the top threat vector for the year. Even less of a surprise is the fact that database servers were the top target in terms of both the number of breaches (25%) and volume of records (92%).
IT staff at educational institutions are faced with high user turnover, the constant reconfiguration of machines, and clever students with the skills to gain unauthorized access to unsecured IT assets. At the same time, IT personnel must efficiently cope with all of these issues, under tight budgetary constraints, while complying with regulatory mandates like the Family Educational Rights and Privacy Act (FERPA).
After organizations suffer repeat IT security audit failures, their management (primarily CSOs and CISOs) often asks us how to remediate the findings. The good news is that technology exists that can quickly bring real accountability to DBA accounts…