-
Investing in the right security technology ought to be a no-brainer, yet still not every organization does. There are plenty of stories out there that illustrate what happens when you don’t invest in the right security technology for the particular circumstances. Identity management is one of the...
Posted to
Security Web
by
David Shephard
on
May 20, 2013
Filed under:
Filed under: NetIQ, IT Security, Identity Theft, Identity Management, password policy, David Shephard, Security Web, IDG Connect, Hackers, Palm Beach County Health Department, Data Breach Today, ID Theft
-
Compliance with legislation is mandatory for a company planning to operate in a particular territory – this includes supra-national organisations such as the EU . However, compliance with security legislation is often complex and usually expensive, involving as it does an investment in a range...
Posted to
Security Web
by
David Shephard
on
May 6, 2013
Filed under:
Filed under: Credit Card Data, Geoff Webb, NetIQ, Cloud Computing, Compliance, HIPAA, File Integrity Monitoring, SOX, regulation, legislation, PCI-DSS, IT Security, Audit, EU, David Shephard, Breaches, Security Web
-
For most consumers, Dropbox has established itself as the go-to name for online storage. It’s fast to set up, easy to use, and is cross-platform. What’s not to like? For IT admins, cloud services aimed at consumers fall short in many areas, despite some services including features such as...
Posted to
Security Web
by
David Shephard
on
Apr 17, 2013
Filed under:
Filed under: Encryption, NetIQ, Cloud Computing, Compliance, cloud security, IT Security, DropBox, Two Factor Authentication, David Shephard, Security Web, IDG Connect, SSL, Consumer Cloud
-
It’s long been a tenet of IT security that while technology is a critical element of the battle to keep the bad guys out, education of end users is just as important. Looked at holistically, it is clear that, the more people working for and with an organisation are aware that their behaviour can...
Posted to
Security Web
by
David Shephard
on
Apr 10, 2013
Filed under:
Filed under: Security Policy, malware, hacking, IT Security, Risk, Phishing, Passwords, Cisco, David Shephard, Security Risk, Security Web, Security Training, Cryptosmith, Poisoned Website, 25 Worst Passwords of the Year, Security Education, SplashData, Hackers
-
According to a recent survey , if you are a security professional counting on a Security Information and Event Management (SIEM) solution to protect your critical assets from nefarious hackers, state-sponsored exploits or the inadvertent missteps of an eager new employee, you may not be as enthusiastic...
Posted to
Security Web
by
Renee Bradshaw
on
Apr 9, 2013
Filed under:
Filed under: Insider Attack, Change Control, Data Protection, malicious insider, Data Security, File Integrity Monitoring, malware, hacking, insider threat, IT Security, Vulnerability, Security Management, Renee Bradshaw, SIEM, Change Guardian, Hack, Data Loss, Security Information and Event Management, IT Security, Security Intelligence, IT Staffing, IT Environment, insider threats, Security Information, Change Management, Security Web, hacktivism
-
I'll admit it. I'm a sci-fi geek. If a story or movie has flying saucers, aliens, or space battles-I've probably read it or seen it. I remember being particularly spooked by the classic 1951 film The Thing from Another World based on a 1938 short story "Who Goes There?" What I didn't...
Posted to
Security Web
by
Wes Heaps
on
Dec 11, 2012
Filed under:
Filed under: Access Control, Active Directory, Microsoft, IT Security, Identity and Access Management, Microsoft Active Directory, Directory Administration, Wes Heaps, Directory, Windows Server 2012, Dynamic Access Control, DAC, Security Risk, The Thing from Another World, Security Web
-
[Apologies in advance to non-U.S. readers, non-AMC cable TV or Netflix subscribers, and non-zombie culture fans--that said, please bear with me, folks, I hope this will make sense in a moment] This past Monday morning, I grabbed a cup of coffee with a colleague and fellow fan of the wildly popular AMC...
Posted to
Security Web
by
Brennan O'Hara
on
Dec 6, 2012
Filed under:
Filed under: IT Security, Social Media, Cloud, Priviledged User, BYOD, Bring Your Own Device, Brennan O'Hara, insider threats, Security Information, User Community, The Walking Dead, Change Management, Zombies, Security Web
-
In today's world, just managing identities isn't enough for most organizations anymore. With increasing regulations both internally and externally, automated provisioning and deprovisioning is just the beginning of what any identity management solution should be doing for you today. Basically...
Posted to
Security Web
by
Wes Heaps
on
Nov 30, 2012
Filed under:
Filed under: Compliance, user monitoring, IT Security, Identity, Identity Management, SIEM, Identity and Access Management, Identity-Centric, Provisioning, Access Management, Security Information and Event Management, Identity is the Foundation, Security Intelligence, Deprovisioning, Breaches, Wes Heaps, Security Web
-
There’s been a siege mentality in the security community for a while now. Day after day of highly visible and damaging breaches, coupled with a steady diet of security vendor “quick fixes”, have left us battle weary, and oh-so jaded. Unfortunately, with the explosion of cloud computing...
Posted to
Security Web
by
Renee Bradshaw
on
Nov 21, 2012
Filed under:
Filed under: Cloud Computing, Compliance, InfoWorld, Risk Management, Verizon Breach Report, Data Security, File Integrity Monitoring, FIM, Password, Data Breach Report, IT Security, Cloud, Public Cloud, Risk, IT Budget, Information Security, Renee Bradshaw, Cloud Data, Cloud-Based Data, Mobile Devices, Data Breaches, Mobile Security, Passwords, Compliance Automation, Best Practice, Mobile Computing, IT Security, IT Staffing, Breaches, Continuous Monitoring, Eric Knorr, Security Web
-
In speaking with many IT Security Managers, CISOs and system administrators over the last year, I know that more industry regulations, breach notification requirements, and increasing penalties haven’t shielded anyone from experiencing a serious breach. They, and we, believe that the key to compliance...
Posted to
Security Web
by
Renee Bradshaw
on
Oct 17, 2012
Filed under:
Filed under: NetIQ, Compliance, Secure Configuration Manager, Security Policy, IT Security, CISO, Renee Bradshaw, Provisioning, BYOD, Michael Colson, Mobile Computing, IT Staffing, System Administrator, Deprovisioning, Breaches, Security Web
-
This is part of a blog series. For more details, start with the intro . Identity is the Foundation There's a meme going around at the moment calling Identity the new perimeter. It's not just one vendor or group so I won't name anyone in particular (you know who you are). But I have a fundamental...
Posted to
Security Web
by
Ian Yip
on
Sep 19, 2012
Filed under:
Filed under: NetIQ, IT Security, Identity, SIEM, Access Governance, Access Management, Ian Yip, username, context, Security Information and Event Management, Identity is the Foundation, Identity Provisioning, Identity is the New Perimeter, Security Web
-
This is part of a blog series. For more details, start with the intro . Evolving IT Security Teams DevOps If you haven't heard of DevOps, you should do a bit of research. Roughly defined, DevOps is: An emerging set of principles, methods and practices for communication, collaboration and integration...
Posted to
Security Web
by
Ian Yip
on
Sep 11, 2012
Filed under:
Filed under: Security, NetIQ, RSAC, IT Security, LinkedIn, Threat, CSO, SIEM, Ian Yip, 'RSA Conference', RethinkITSec, Rugged, NYT, Evolve, Manifesto, 'Rugged Software', 'Anton Chuvakin', DevOps, 'Data Science', New York Times, 'Software Development', Operations, Analysts, Security Web
-
This is part of a blog series. For more details, start with the intro . Own your security programme. We rarely see start-ups hire consultants to "consult" on IT security (except perhaps if they've had an incident and need to be seen as having done something about it). However, in larger...
-
This is part of a blog series. For more details, start with the intro . Manage risk appropriately, not compliance If it was all about compliance, we wouldn’t be hearing about the constant data breaches supposedly PCI compliant organisations keep being subjected to. Sure, if there are compliance...
Posted to
Security Web
by
Ian Yip
on
Sep 3, 2012
Filed under:
Filed under: PCI DSS, Compliance, Risk Management, IT Security, Risk, Information Security, Audits, Ian Yip, Trust, Security Web
-
If we look back a couple of years Gartner was saying that healthcare CIOs needed to take immediate steps toward implementing a sound wireless and mobile device strategy . I’m not convinced that those CIOs listened to Gartner. Rather, in my humble opinion, it was the continued groundswell of personal...
Posted to
Security Web
by
David Shephard
on
Aug 31, 2012
Filed under:
Filed under: Access Control, NetIQ, Compliance, Gartner, Regulations, IT Security, CIO, IAM, Novell, IdM, Identity Management, Identity and Access Management, iPad, Identity Manager, Mobile Devices, Mobile Security, Access Manager, BYOD, Smartphone, Healthcare, Bring Your Own Device, HIMSS Conference, Hospital, Remote Care Treatment, Netherlands, Porter Research, TMDi, Physicians, Information Systems, Wireless Medical Devices, Arkin, Patients, EMR, Security Mandates, Electronic Medical Records, Billian's HealthDATA, David Shephard, Mobile Computing, Nurses, Mobility Strategy, Monitoring Devices, Doctors, Security Web