Blog Posts Tagged with "Access Control"
Follow Up to the Out of Band Authentication Post
May 16, 2012 Added by:Brent Huston
Sadly, there are more than a few who are struggling to get OOBA right or done at all. As with most things, it helps to do a little research. Organizations should perform due diligence on their vendors and factor vendor risks into the equation of purchases and project planning...
Comments (0)
How Does Your Bank Protect Your Data?
May 15, 2012 Added by:Robert Siciliano
Financial institutions have established a layered security approach that includes multi-factor authentication, as well as doing due diligence when it comes to identifying customers as real people whose identities haven’t been stolen...
Comments (0)
FBI Guidance of Combating the Insider Threat
May 15, 2012 Added by:Infosec Island Admin
The thief who is harder to detect and who could cause the most damage is the insider — the employee with legitimate access. They may steal solely for personal gain or be a “spy”—someone who is stealing company information or products in order to benefit another organization or country...
Comments (0)
Treat Passwords Like Cash
May 15, 2012 Added by:Danny Lieberman
Every Web site and business application has a different algorithm and password policy. For users, who need to maintain strong passwords using 25 different policies on 25 different systems sites, it’s impossible to maintain a strong password policy without making some compromises...
Comments (0)
Securing Your Company Against BYOD-Created Threats
May 14, 2012 Added by:Ashley Furness
The increasing emergence of Bring Your Own Device (BYOD) policies has both good and bad implications. Here are four strategies your company should implement to keep data secure while supporting employees' choice to use their own laptops, smartphones and tablets in the workplace...
Comments (2)
Twitter Hack! Five Ways to Avoid Being a Victim of Phishing
May 13, 2012 Added by:Brent Huston
Twitter is downplaying a security breach that exposed tens of thousands of user emails and passwords. The compromised Twitter accounts could have been the result of phishing attacks. Whenever you read about such breaches, it is always a good idea to change your password...
Comments (0)
Firewalls: Stop Blocking by IP and Port
May 09, 2012 Added by:Phil Klassen
There have been some good discussions on firewalls, and the majority of the feedback is that firewalls are still an important part of the security infrastructure. However, I am surprised that the discussion revolves around legacy features and not those required to meet today's needs...
Comments (3)
Ninth Circuit Narrows Computer Fraud and Abuse Act Reach
May 07, 2012 Added by:David Navetta
The crux is the recent application of the Computer Fraud and Abuse Act criminalizing violations of website terms of use and employer restrictions on employee computer uses, stemming in particular from what the statute’s term “exceeds authorized access” does and does not mean...
Comments (0)
Understanding Trust
May 07, 2012 Added by:Kevin W. Wall
In computer security, we should strive to make all trust relationships explicit and leave nothing to chance or misinterpretation. That's one key step in defining a trust model. At its core, information security is largely about the two goals of “ensuring trust” and “managing risk”...
Comments (0)
NIST: Secure Biometric Acquisition with Web Services
May 04, 2012 Added by:Headlines
Researchers at the NIST have developed a new protocol for communicating with biometric sensors over wired and wireless networks, called WS-Biometric Devices (WS-BD), which allows desktops, laptops, tablets and smartphones to access sensors that capture biometric data using web services...
Comments (0)
Password Policy: Sharing Passwords
May 03, 2012 Added by:benson dana
I once worked at a place where a senior manager collected the passwords of employees. There had been resistance to giving up this policy, and the excuse was that this unit's mission was unique and that this was necessary. How often does the internal auditor hear this excuse?
Comments (0)
Why Do You Need Privileged Identity Management?
May 01, 2012 Added by:DHANANJAY ROKDE
Most access provided is typically role-based. However, many forget to consider factors like data classification and ownership. Network, system and database managers get access to what they are responsible for, but there are five questions that need to be asked...
Comments (0)
Recovering Windows Passwords Remotely in Plain Text
April 26, 2012 Added by:Dan Dieterle
There has been a lot of buzz across the web the last few months about a program called “Mimikatz”. It is an interesting program that allows you to recover Windows passwords from a system in clear text. The passwords for anyone who has logged into a machine can be displayed...
Comments (0)
Protecting Data in Use
April 26, 2012 Added by:Simon Heron
The security of data in use is about risk mitigation. However, with the current targeted attacks and the proliferation of zero day threats, the risk level is high. It is necessary that action is taken to implement the required precautions that reduce the risk to an acceptable level...
Comments (0)
Social Media Security 101
April 24, 2012 Added by:Joel Harding
EVERYTHING is compromised. Every web site, every data base, every place that touches the web – I assume this at all times. There is not one among us whose network has not been compromised. The security mantra in the past was “Risk Avoidance”. That is no longer the case...
Comments (0)
The Fort Knox Approach to Security
April 23, 2012 Added by:PCI Guru
Most of you are protecting everything with equal rigor. Does everything need to be protected with the same thoroughness? Probably not and that is what makes infosec a difficult occupation. We neglect to delineate what needs the most protection and what does not need as much or any...
Comments (0)




