Without any privileged password management controls, most long-term enterprise employees collect credentials like a janitor collects keys.
Key regulatory standards – including PCI-DSS, HIPAA, Sarbanes-Oxley and others – share common requirements when it comes to securing privileged identities.
It’s great that organizations are thinking about compliance. However, we need more emphasis on security. A security product will fail if it’s not implemented and maintained correctly. So every penny and minute that goes into choosing and maintaining the right product is worth it.
Too often, data breaches exploit shared privileged account passwords used for administrative logins, privileged service accounts, and application-to-application communications. Mandates such as PCI DSS, HIPAA, Sarbanes-Oxley and others require that these powerful passwords be audited and updated regularly to prevent abuse.
Your organization may already have a security training and awareness (STA) program, or (this is less likely nowadays) you may have to build one from scratch. This is a checklist of the policies that should underpin a successful STA program.
Organizations are giving more priority to the development of information security (InfoSec) policies, as protecting their assets is one of the most prominent things they need to consider.
The recently announced NIST framework is a lot of useless and redundant verbiage that collects existing standards that have existed for at least a decade. There is nothing fundamentally new, revolutionary or even effective in the framework.
Generally speaking, IT audits historically focused on identifying shortfalls in regulatory compliance, but without the authority to help select an appropriate mitigation when security shortcomings are discovered. For auditors to achieve any real improvements in reducing security risk, the auditors themselves need a broader mission and better training so that they…
Here’s where privileged identity management helps with regulatory compliance. These products inventory all systems, accounts and passwords – and track where they’re used.
For the most part, PCI-DSS is a good idea that improved the overall security of credit card payment handlers. However, PCI security flaws exist.