This week there was speculation in the press that the infamous Stuxnet worm is actually purpose-built malware designed to cripple a single targeted institution: Iran’s Bushehr Nuclear facility.
For the most part, PCI-DSS is a good idea that improved the overall security of credit card payment handlers. However, PCI security flaws exist.
A recent New York Times article, “A Strong Password Isn’t the Strongest Security,” offers a great assessment of the complacency of many IT security professionals. The assertion that password strength is not as important as protecting passwords against interception has some real validity. However, user logins are just one aspect…
Now that we’ve reached the last real month of summer, the US vacation season will slowly wind down. However, if the 2010 Global Security Report from Trustwave is any indication, the hospitality industry won’t feel relief from hackers anytime soon. According to the multi-industry report, hackers infiltrated hospitality services more…
Paul Roberts posted an interesting story on Threatpost about the limitations of conventional password security.
Not surprisingly, the research also identified the misuse of privileges as the top threat vector for the year. Even less of a surprise is the fact that database servers were the top target in terms of both the number of breaches (25%) and volume of records (92%).
IT staff at educational institutions are faced with high user turnover, the constant reconfiguration of machines, and clever students with the skills to gain unauthorized access to unsecured IT assets. At the same time, IT personnel must efficiently cope with all of these issues, under tight budgetary constraints, while complying with regulatory mandates like the Family Educational Rights and Privacy Act (FERPA).
After organizations suffer repeat IT security audit failures, their management (primarily CSOs and CISOs) often ask us how to remediate the findings. The good news is that technology exists that can quickly bring real accountability to DBA accounts…
The truth is that privileged identity management (or privileged account password management) software is not a commodity and should not be purchased based on checkboxes and up-front fees alone.
Use of a password vault might keep the privileged identity problem out of sight from auditors, but it disguises the fact that the spreadsheets often contain never-changing passwords known to too many individuals inside and outside of IT.