NetIQ Qmunity

Sykipot & Smartcard Security???

As some of you may be aware, Ron Lapedis and I are providing the Biometrics and Access Token Technology, 10 Years Later session at the 2012 RSA Conference . Our original thought in proposing the session was that given the various hacks, attacks, and leaks...

Published Wed, Jan 25 2012 3:15 PM by Michael F. Angelo

Filed under: eWeek, RSAC, Trojans, Smartcard, CAC, Sykipot, RSA 2012, APT, Common Access Card

Cloud Security: SWAT Your Worry?

Cloud architectures aren’t secure. That’s one takeaway I got from Bob Violino 's piece for Computerworld: " Cloud SWAT teams ". It outlines a security incident response approach we recommend on a regular basis, in fact you'll...

Published Mon, Jan 09 2012 11:19 AM by RichardWhitehead

Filed under: PCI DSS, NetIQ, Cloud Computing, Compliance, Computerworld, HIPAA, cloud security, SOX, Identity Theft, Public Cloud, Sony, Novell, Harris Interactive, Bob Violino, Amazon Web Services, Cloud Security Services, Access Management

Dumbing Down of Common Criteria...Continued

On November 28th, NIAP posted two new documents on the Evolution Announcement page. In my earlier blog, the Dumbing Down of the Common Criteria , I discussed a direction that was being pushed within the CC community to only offer EAL1 certifications....

Published Wed, Dec 21 2011 10:49 AM by Michael F. Angelo

Filed under: Certification, NIAP, Common Criteria Certification, EAL4, EAL2, EAL3, Orange Book, Mutual Recognition Agreement, BSI, EAL1, IEL, Government Certification, CESG, CCEVS, MRA, CCS

The Dumbing Down of Product Security Certifications.

In the past any industry desiring to provide technology to government agencies was compelled to submit their products to be certified. For each country and government market the company would have to go through a certification process. The certification...

Published Thu, Dec 01 2011 12:20 PM by Michael F. Angelo

Filed under: Certification, Common Criteria, NIAP, Protection Profile, EAL4, PP, EAL2, ISO/IEC 15408, ST, Security Target, CC, Assurance Continuity, National Information Assurance Program

Tuscany, More than Gorgeous Landscapes and Culture, gets IAM

What if cyber criminals broke into a network for 3,000 government workers? What if those workers served 3.7 million citizens? And what if those citizens lived in the world-famous and tourist-rich Tuscany, Italy , which is home to Florence, Siena and Pisa...

Published Wed, Nov 30 2011 3:20 PM by David Shephard

Filed under: Cyber Attacks, IAM, Identity and Access Management, Identity Manager, Cyber Crime, Tuscany, Italy, Government, Net Studio

Defending the Cloud Against Blended Threats

55% of respondents to a recent NetIQ / Harris Interactive IT security survey cited that their inability to manage security in the cloud as the most difficult challenge. This was only beaten by a lack of time to monitor vast amounts of data (64%) and closely...

Published Tue, Nov 08 2011 3:20 PM by DiptoChakravarty

Filed under: Security, Virtualization, NetIQ, Cloud Computing, malware, IT Security, Cloud, Public, Hybrid, Private, Threats, Cyber Attacks, Charlie Miller, Cyber Espionage, Apple App Store, iTunes, Apple, Cloud Computing Conference, iPad, Maliciouis App, CloudExpo, Adidas, iPhone, Harris Interactive

Reflection upon the ISSA Awards

Recently I attended the 2011 ISSA International Conference . At it I was honored as the 2011 ISSA Professional of the Year . This was somewhat of a surprise when they first announced it, and was greatly appreciated. I also had the privilege of being recognized...

Published Mon, Oct 31 2011 12:25 PM by Michael F. Angelo

Filed under: Security, CERT, Skipjack, ISSA, Keynote, Rainbow books, Professional of the Year, Morris the Worm, Conference, Clipper, NIAP, Opening speech, Common Criteria Certification, Duku, Zeus, Ethics, Zardoz, Morris worm, Spy Eye, Rainbow series

The Sentinel and Change Guardian Demo from BrainShare

So you have contracted out your systems administration. The next thing you know the contract administrators have created back-doors to sensitive systems and data. This was the premise of the NetIQ keynote Sentinel 7 and Change Guardian for Windows demonstration...

Published Thu, Oct 27 2011 2:20 PM by David Shephard

Filed under: Security, NetIQ, Personally Identifiable Information, PII, CISO, CIO, IAM, Novell, Identity and Access Management, customer data, BrainShare, administration, Sentinel, Change Guardian, contractors, outsourcing, Keynote

Preface to Becoming a Security Detective

What do Aurora and Shady Rat have in common? They are both so called operations that describe system breaches in high profile companies and government agencies. These and countless other events pointedly demonstrate that few systems are unassailable and...

Published Tue, Oct 18 2011 2:00 PM by Garve Hays

Filed under: Security, Access Control, Log Management, Logs, Breach, Sony, PlayStation Network, Aurora, Shady Rat

Do you think your organization is too small to attract hackers? Think again!

Is your organization a target for hackers? If you keep data in the cloud - either public or private - you might be coasting along with a false sense of security, even if you’re not one of the big boys. Amidst the recent hack attacks on Sony, Lockheed...

Published Wed, Jul 27 2011 10:01 AM by JeffCutler

Filed under: Security, Log Management, Cloud, Cyber Attacks, WSJ.com, City Newsstand

Automate Your Way to Security Assurance

There is an exciting (ok, I don't get out much) proposal from Neil MacDonald , of Gartner, that he calls systematic workload reprovisioning. The idea is to periodically stop and restart instances of programs or workloads on a server, using a vetted...

Published Tue, Jul 19 2011 8:45 AM by Garve Hays

Filed under: Security, IT process automation, NetIQ, Gartner, ITPA, VMware, Amazon, Cloud, Automation, Workflow, Xen, Rackspace, KVM, Run Book Automation, Hyper-V

Macau's ePass Program Gives Every Citizen Secure Single Sign-On

A few days ago my fellow blogger Chase Jones outlined how access governance is the key to compliance and risk management . So, I wanted to take a look at a real life application and how it was being used. On the other side of the globe is Macau , which...

Published Mon, Jul 18 2011 10:00 AM by David Shephard

Filed under: single sign-on, IAM, Identity Management, e-services, 2-factor authentication, Macua, SAR, China, People's Republic of China, Identity and Access Management, APICTA, ePass, Access Governance

Washington Post Jobs Board - Cloud Security Specialist Needed

While the headline on this post is a bit tongue-in-cheek, it’s accurate. On June 27 and 28, unauthorized parties attacked the job boards at the online Washington Post site. While the publication says no passwords or personal data was affected, their...

Published Mon, Jul 11 2011 11:02 AM by JeffCutler

Filed under: Security, Cloud, Washington Post, Hack

Asking the Right Questions of Your Cloud Provider

Let’s assume for a moment that you’re in charge of IT for a large corporation. It doesn’t have to be a multi-billion dollar concern or even an international firm. We just want to set the stage for what I’m about to present you...

Published Thu, Jul 07 2011 12:09 PM by JeffCutler

Filed under: Security, Cloud Computing, Compliance, Service Providers, Cloud Data, Cloud Storage, LulzSec, Cloud Application

Questions & Answers from The Zero Trust Model - Putting Data Protection First

On June 30th we hosted along with leading online resource for information security professionals, Dark Reading , the webcast The Zero Trust Model: Putting Data Protection First with guest speaker John Kindervag , Senior Analyst at Forrester Research,...

Published Wed, Jul 06 2011 12:55 PM by David Shephard

Filed under: Security, Forrester Research, PCI DSS, NetIQ, SC Magazine, RSA, Verizon Breach Report, John Kindervag, Cloud, SaaS, PaaS, CISO, Log Files, Breach, Sony, Social Engineering, Identity Management, Zero Trust, NAV, IT, trusted, Trusted Users, Networks, Dark Reading, SIM, log data, Wireshark, Interfaces, data centric, PlayStation Network, SIEM, Cox Communications, Multitenancy, IaaS, Security as a Service

Follow Us

Syndication

Recent Posts

Tags

Archives