In 2009, the federal government began development of the Identity, Credential, and Access Management (ICAM) architecture to address security weaknesses across agencies in the areas of user identification and authentication. Established by the Office of Management and Budget (OMB), the federal ICAM program provides guidance on IT policies, systems, and standards that help agencies monitor, manage, and secure access...

In our last post, we discussed how multifactor authentication (MFA) can help secure privileged accounts. Adding a second factor of authentication, such as a physical ID card or fingerprint, can prevent hackers from using a stolen username and password to gain access to a privileged account. That’s why security experts recommend MFA and many government and industry regulations require...

Organizations are rethinking their operational models, finding new solutions to problems, and enhancing the customer experience by integrating technology into everything they do. That’s the essence of digital transformation (DX). Rather than simply building on what you have with new technology, DX is intended to drive innovation and reinvent internal processes and the external markets you serve. The problem...

Access certification requires that managers regularly review their employees’ access to financial systems to validate that access privileges align with the employee’s job requirements. Many organizations have implemented access certification processes to comply with the Sarbanes-Oxley Act (SOX) of 2002. Because SOX mandates an annual evaluation of internal controls and procedures for maintaining the integrity of financial reporting, organizations...

Intuit recently notified users of its TurboTax software that their accounts might have been compromised using username/password combinations obtained from another source — what’s known as a credential-stuffing attack. The company said the hackers might have obtained the names, Social Security numbers, dates of birth, driver’s license numbers, and financial information of those affected. In credential stuffing, hackers use...