Tag: security

New York’s New Security Rules Emphasize Identity and Access Management

NY Security
In September 2016, New York Governor Andrew Cuomo announced new regulations that established minimum security requirements for the protection of sensitive data in the financial services sector. The first state-mandated regulations of their kind in the nation, the new rules cover banks, insurance companies, and other financial services firms licensed by the New York Department of Financial Services (DFS),...

Data Manipulation: A More Troubling Problem than Data Theft

PAS
Many people are concerned about the theft of sensitive information, and rightfully so. According to the 2016 Identity Fraud study by Javelin Strategy and Research, identity theft cost U.S. consumers $15 billion in 2015. Businesses also fall victim to identity theft, to the tune of $221 billion worldwide each year. But a more insidious data security problem is gaining...

Why the IoT Needs IAM, Part 2: The Complexity of Controlling Access

DDOS
In a previous post, “Why the IoT Needs IAM, Part 1: Rise of the Botnets,” we discussed the growth of the Internet of Things (IoT) and the enormous attack surface created by billions of Internet-connected devices. Many of these devices have been recruited into botnet armies that are used to launch distributed denial of service (DDoS) attacks. Others are...

Why the IoT Needs IAM, Part 1: Rise of the Botnets

Clango
In the Internet of Things (IoT), billions of connected objects quietly collect and transmit data and perform a wide range of functions, generally without human intervention. Imagine vending machines that tell you when they need to be replenished, vehicles that schedule their own maintenance, and “smart home” products that let you lock your doors, control your thermostat, and peek...

Why Does Identity and Access Management / Governance Matter?

IAM
The risks associated with insider-threat theft and data breaches are well known. At the very least we ought to be aware of who is currently able to access our information resources and operational controls. We need to understand the risks to the enterprise if information or access falls into the wrong hands, or is corrupted in some way. Whatever...

How Enterprise Asset Management Helps Enable Digital Transformation

MaxFactory
At the end of every year, IT industry analysts and research firms try to predict which technology trends will have the greatest impact in the coming months. Some of the top picks for 2017 include artificial intelligence and machine learning, augmented and virtual reality, 3-D printing, Blockchain, and wearables. Meanwhile, cloud computing will continue to grow unabated, and billions...

Why IAM Is Often Put on the Back Burner and Why It Shouldn’t Be

Kabir
So, you’ve just been breached. Now what? Many questions come to mind. Is the breach contained? Who was behind it? Were they internal or external? How did they get in? What did they get? Depending on your organization’s level of sophistication in response to such incidents, a number of processes, controls, and workflows will be initiated and checked. Some...

The Role of Context in ICS Security Risk Assessment

SCADA
In our last post, “Understanding the Security Risks of Industrial Control Systems,” we discussed the growing security threat to the Industrial Control Systems (ICS) used to support critical infrastructure and drive processes in a number of industry sectors. Increasingly, ICS components and systems are connected via the public Internet rather than private networks. Many of these components have weak...

Understanding the Security Risks of Industrial Control Systems

ICS
An Industrial Control System (ICS) component is a device, such as a digital controller, that accepts input, performs a specific function, and provides output. For example, a digital controller in an HVAC unit might monitor ambient air temperature and tell the system to turn on or off based upon its settings. The definition of such a controller can be...

Why User Identities Are the Weak Link in Enterprise Security

PAS
According to the Identity Management Institute, more than 90 percent of all cyberattacks are successfully executed with credentials obtained from unwitting users. Spear phishing attacks are the most common method used to steal this information. It is easy and inexpensive for cybercriminals to send a fake email with a malicious attachment or link that downloads spyware to the victim’s...