-
Compliance with legislation is mandatory for a company planning to operate in a particular territory – this includes supra-national organisations such as the EU. However, compliance with security legislation is often complex and usually expensive, involving as it does an investment in a range...
Posted to Security Web by David Shephard on May 6, 2013
Filed under: Credit Card Data, Geoff Webb, NetIQ, Cloud Computing, Compliance, HIPAA, File Integrity Monitoring, SOX, regulation, legislation, PCI-DSS, IT Security, Audit, EU, David Shephard, Breaches, Security Web
-
We like to think of Bring Your Own Device (BYOD) as a new phenomenon but nothing could be further from the truth. In the 1980s when the PC was introduced, employees started buying them on departmental budgets and running spreadsheets because of the difficulty of getting time on the corporate mainframe...
Posted to Security Web by David Shephard on May 1, 2013
Filed under: Data Breach, Compliance, Cloud, iPad, BYOD, Bring Your Own Device, David Shephard, Security Web, PC, Salesforce.com, Lotus 1-2-3
-
For most consumers, Dropbox has established itself as the go-to name for online storage. It’s fast to set up, easy to use, and is cross-platform. What’s not to like? For IT admins, cloud services aimed at consumers fall short in many areas, despite some services including features such as...
Posted to Security Web by David Shephard on Apr 17, 2013
Filed under: Encryption, NetIQ, Cloud Computing, Compliance, cloud security, IT Security, DropBox, Two Factor Authentication, David Shephard, Security Web, IDG Connect, SSL, Consumer Cloud
-
In today's world, just managing identities isn't enough for most organizations anymore. With increasing regulations both internally and externally, automated provisioning and deprovisioning is just the beginning of what any identity management solution should be doing for you today. Basically...
Posted to Security Web by Wes Heaps on Nov 30, 2012
Filed under: Compliance, user monitoring, IT Security, Identity, Identity Management, SIEM, Identity and Access Management, Identity-Centric, Provisioning, Access Management, Security Information and Event Management, Identity is the Foundation, Security Intelligence, Deprovisioning, Breaches, Wes Heaps, Security Web
-
There’s been a siege mentality in the security community for a while now. Day after day of highly visible and damaging breaches, coupled with a steady diet of security vendor “quick fixes”, have left us battle weary, and oh-so jaded. Unfortunately, with the explosion of cloud computing...
Posted to Security Web by Renee Bradshaw on Nov 21, 2012
Filed under: Cloud Computing, Compliance, InfoWorld, Risk Management, Verizon Breach Report, Data Security, File Integrity Monitoring, FIM, Password, Data Breach Report, IT Security, Cloud, Public Cloud, Risk, IT Budget, Information Security, Renee Bradshaw, Cloud Data, Cloud-Based Data, Mobile Devices, Data Breaches, Mobile Security, Passwords, Compliance Automation, Best Practice, Mobile Computing, IT Security, IT Staffing, Breaches, Continuous Monitoring, Eric Knorr, Security Web
-
2013 Prediction: Threat detection and management will be required to monitor continuously and in business context with regard to level of risk. Given the rapid change, information requirements, environment complexity, growing devices, explosive data growth and growing real-time analysis requirements...
Posted to Security Web by Michele Hudnall on Nov 20, 2012
Filed under: Heartland Breach, Change Control, Compliance, Heartland, Gartner, Risk Management, Verizon Breach Report, Data Security, Vulnerability, Threat, Log Files, Certification, Breach, IT Audit, Security Management, Security Breach, Access, SIEM, Outage, Data Breaches, ZDNet, Big Data, BYOD, Threat Detection, security incidents, Compliance Automation, Bring Your Own Device, 'Anton Chuvakin', IT Security, Michele Hudnall, Huff Post Live, Analytics, Breaches, BSM, Business Service Management, Continuous Monitoring, DevOpsSec, Networkworld, DHS, Availability, Department of Homeland Security, Threat Monitoring, Security Web
-
The cloud can bring great benefits to your business, yet there is little doubt that it can also affect the security of your sensitive data and systems. It introduces huge complexity to your IT environment, leading to increased risks of breach or compliance gaps. The good news is that taking proactive...
Posted to Security Web by Renee Bradshaw on Nov 13, 2012
Filed under: Security, Compliance, cloud security, Cloud, Risk, Breach, Renee Bradshaw, Automation, Security Intelligence, IT Environment, Security Web
-
Cloud computing vendors sense an opportunity to offer services for the healthcare space, as they position their service offerings for specific vertical industries, says a recent Network World article. One NetIQ AppManager customer, Verizon's Terremark division, is accomplishing this through establishing...
-
In speaking with many IT Security Managers, CISOs and system administrators over the last year, I know that more industry regulations, breach notification requirements, and increasing penalties haven’t shielded anyone from experiencing a serious breach. They, and we, believe that the key to compliance...
Posted to Security Web by Renee Bradshaw on Oct 17, 2012
Filed under: NetIQ, Compliance, Secure Configuration Manager, Security Policy, IT Security, CISO, Renee Bradshaw, Provisioning, BYOD, Michael Colson, Mobile Computing, IT Staffing, System Administrator, Deprovisioning, Breaches, Security Web
-
This is part of a blog series. For more details, start with the intro. Manage risk appropriately, not compliance: If it was all about compliance, we wouldn’t be hearing about the constant data breaches supposedly PCI compliant organisations keep being subjected to. Sure, if there are compliance...
Posted to Security Web by Ian Yip on Sep 3, 2012
Filed under: PCI DSS, Compliance, Risk Management, IT Security, Risk, Information Security, Audits, Ian Yip, Trust, Security Web
-
If we look back a couple of years Gartner was saying that healthcare CIOs needed to take immediate steps toward implementing a sound wireless and mobile device strategy. I’m not convinced that those CIOs listened to Gartner. Rather, in my humble opinion, it was the continued groundswell of personal...
Posted to Security Web by David Shephard on Aug 31, 2012
Filed under: Access Control, NetIQ, Compliance, Gartner, Regulations, IT Security, CIO, IAM, Novell, IdM, Identity Management, Identity and Access Management, iPad, Identity Manager, Mobile Devices, Mobile Security, Access Manager, BYOD, Smartphone, Healthcare, Bring Your Own Device, HIMSS Conference, Hospital, Remote Care Treatment, Netherlands, Porter Research, TMDi, Physicians, Information Systems, Wireless Medical Devices, Arkin, Patients, EMR, Security Mandates, Electronic Medical Records, Billian's HealthDATA, David Shephard, Mobile Computing, Nurses, Mobility Strategy, Monitoring Devices, Doctors, Security Web
-
Funny things happen when you’ve had a long day of work at a security software company and then go home and read “The Cat in the Hat” to the kids at bedtime. After I’ve been chatting all day with beleaguered IT managers about their pains and challenges, Dr. Seuss’ tale of...
Posted to Security Web by Renee Bradshaw on Aug 29, 2012
Filed under: Security, Data Breach, Change Control, Compliance, Secure Configuration Manager, Risk Management, Regulations, File Integrity Monitoring, user monitoring, regulation, Consumerization, IT Security, Renee Bradshaw, Requirements, Audits, Monitoring, Security Breach, SIEM, Identity and Access Management, Sentinel, Change Guardian, Mobile Devices, Data Breaches, Mobile Security, Audit Reporting, BYOD, risk assessment, Healthcare, Cisco, Fortinet, Bring Your Own Device, Thing 2, iHealthBeat, Notify Technology, Osterman Research, Dr Suess, Thing 1, Security Web
-
A colleague sent me a reference to a posting recently where after reading the first paragraph, I immediately burst into laughter. Without calling the writer out (which is not the point), I’ll just state that it questioned the purpose and effectiveness of security awareness training – something...
Posted to Security Web by Michael Colson on Aug 22, 2012
Filed under: Security, Data Breach, Compliance, Data Security, regulation, Information Security, Audit, hacker, password policy, corporate risk, Mandate, policy, PwC, Michael Colson, Vulnerabilities, Security Awareness Training, Procedure, Job Security, Security Posture, Environment, PricewaterhouseCoopers, Privacy Practices, Security Web
-
As some have noticed, I have been holding off on posting over the past six months. This is because I have become confused with respect as to what to comment on and what to motivate changes for. If we look at the areas I typically track (certifications, cyber legislation / controls, security incidents...
Posted to Security Web by Michael F. Angelo on Aug 16, 2012
Filed under: Compliance, Microsoft, NIST, hacking, Michael F. Angelo, Internet Kill Switch, Certification, Common Criteria, NIAP, Common Criteria Certification, security incidents, cyber legislation, security technology, cyber security, civil liability, risk assessment, key validation, Council on Critical Infrastructure Components, S3414, CBW, quantum cryptography, EAL, National Cyber Security Council, 1024 bit, evaluation assurance levels, cryptographic analysis tools, S.3414, Cyber Security Act of 2012, Mat Honan, Security Web
-
If you’re like me, you’re confused about the current state of the IT job market. A quick Internet search yields conflicting and discouraging headlines, such as: “IT Job Market Sees Improvement in 2012” “IT Job Market Shows Signs of Stagnation” “Companies Suffer...
Posted to Security Web by Renee Bradshaw on Aug 15, 2012
Filed under: IT process automation, PCI DSS, SCAP, PCI Standards Council, Compliance, Policy Management, Secure Configuration Manager, HIPAA, PCI, Risk Management, PCI Standard, PA-DSS, Regulations, HIPPA: NERC CIP, SOX, NERC CIP, NERC, Standards, HITECH, regulation, PCI-DSS, IT Security, Standard of Good Practice, LinkedIn, Personally Identifiable Information, IT Budget, Security Certifications, IT Audit, Auditors, Security Management, Audit, Renee Bradshaw, Requirements, Audits, Automation, SIEM, Sentinel, Change Guardian, Audit Reporting, Sentinel 7, mandates, Mandate, Compliance Automation, Security Web