Security Management Strategies for the CIOAccess "Schneier-Ranum Face-Off: Is Perfect Access Control Possible?"
This article is part of the September 2009 issue of 2009 Security Readers' Choice Awards
Point: Bruce Schneier Access control is difficult in an organizational setting. On one hand, every employee needs enough access to do his job. On the other hand, every time you give an employee more access, there's more risk: he could abuse that access, or lose information he has access to, or be socially engineered into giving that access to a malfeasant. So a smart, risk-conscious organization will give each employee the exact level of access he needs to do his job, and no more. Over the years, there's been a lot of work put into role-based access control. But despite the large number of academic papers and high-profile security products, most organizations don't implement it--at all--with the predictable security problems as a result. Regularly we read stories of employees abusing their database access-control privileges for personal reasons: medical records, tax records, passport records, police records. NSA eavesdroppers spy on their wives and girlfriends. Departing employees take corporate secrets. A spectacular access control failure occurred in the ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
2009 Information Security magazine Readers' Choice Awards
For the fourth consecutive year, Information Security readers voted to determine the best security products. A record 1721 voters participated this year, rating products in 17 different categories.
-
Truth, lies and fiction about encryption
by Adrian Lane, Contributor
Encryption solves some very straight-forward problems but implementation isn't always easy. We'll explain some of the common misperceptions so you'll understand your options.
-
2009 Information Security magazine Readers' Choice Awards
-
-
Security threats to virtual environments less theoretical, more practical
The demonstration of a hacking tool at Black Hat that allows attackers to escape from virtual machines to attack their guest OS elevates the seriousness of security threats to virtualization.
-
Security threats to virtual environments less theoretical, more practical
-
Columns
-
Security best practices in hotels
Accountability for Internet security should be placed on users, not service providers such as hotels.
-
Schneier-Ranum Face-Off: Is Perfect Access Control Possible?
Security experts Bruce Schneier and Marcus Ranum debate whether perfect access control is possible.
-
What does PCI compliance really mean?
Passing an audit can lull an organization into a false sense of security.
-
Security best practices in hotels
More Premium Content Accessible For Free
Next-generation firewalls play by new rules
E-Zine
Firewalls started their journey to the next generation at about the same time as the Star Trek TV series. While the products have advanced with ...
Developing your endpoint security management transition plan
E-Handbook
This TechGuide will help you develop your endpoint security management transition plan. Articles focus on overcoming the challenges of Web-based ...
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...