Access "Interview: CISO explains enterprise's access control policies"
This article is part of the October 2007 issue of Tips from the 2007 Security 7 Awards
Authentication and access control used to be fairly simple propositions: set up user IDs, passwords and role-based permissions and you were done. In today's enterprise environments, you have to get deeper in the weeds. Mike Roberti, the chief information systems security officer at Harris Corp., knows that as well as anyone, having the unenviable task of ensuring his 10,000 users have secure access to the resources they require. Mike Roberti Authentication and access control are challenges for distributed companies, especially with partners and customers needing access to the network. How have you handled that? One of the things we had been trying to accomplish was the synchronization of IDs and passwords across the corporation. There were people trying to remember 10-plus passwords. The second thing was to give our users the ability to reset a password without having to call the help desk. Our vendor, Avatier, said, 'Give me your analyst for an hour and we'll have it in production in an hour.' That was a challenge, I thought. But within an hour it was ... Access >>>
Premium Content for Free.
Achieving Access Control with Symark PowerBroker 5.0
In this product review, discover everything you need to know about Symark PowerBroker 5.0, such as policy control, logging and reporting capabilities, configuration and management.
Guardium SQL Guard 6.0 product review
Guardium SQL Guard 6.0 is evaluated on its ability to monitor access to SQL databases. SQL Guard ensures a system of checks and balances between the security and database engineering teams.
Knoppix-NSM removes complexity of Snort-based network security monitoring
by Russ McRee, Contributor
Open source Knoppix-NSM is a complete network security monitoring system on a single CD.
Device Management: Pointsec Protector software review
Pointsec Protector manages unsecured ports and endpoint devices while transparently delivering encryption, filtering content, enforcing policies and maintaining an audit trail, even when mobile devices are disconnected from the network.
BeyondTrust Privilege Manager 3.0 product review
BeyondTrust's Privilege Manager 3.0 addresses elevated user privileges through a Group Policy extension that allows organizations to control permissions for selected processes and applications.
- Achieving Access Control with Symark PowerBroker 5.0
SonicWALL TZ 180W firewall product review
SonicWALL TZ 180W is an effective firewall for small- and medium-size businesses with a subset of features that will appeal to network managers.
Proofpoint On Demand Product Review
In this product review, learn about Proofpoint On Demand antivirus and antispam features.
Security 7 Award winners successfully integrate security and business
The 2007 Information Security magazine Security 7 Award winners demonstrate how their strategies for integrating their security programs into the overall business.
Log management reins in security and network device data
Learn how to manage log data from security and network devices in order to manage security events in real time.
Automated configuration management tools clean out redundant rules
Change management becomes a tough challenge when implementing numerous firewalls.
- SonicWALL TZ 180W firewall product review
Learn to balancing security and usability
Security measures such as constant password changes, are becoming intrusive, and the return is questionable.
Interview: CISO explains enterprise's access control policies
Access control and authentication isn't as simple as setting up user IDs and passwords.
Vendor compliance management: Are health care software vendors HIPAA compliant?
Software used in health care is rife with vulnerabilities. It's time vendors shape up.
- Viewpoint: Hard drive encryption growing
Redefining free security software
Popular open source security products such as Nessus, Snort and Clam AV are being commercialized, redefining the notion of free software.
- Learn to balancing security and usability
More Premium Content Accessible For Free
Deploying data protection technologies properly requires a lot of time and patience. While most firms can get started by using preconfigured policies...
The bring your own device (BYOD) movement, which has flooded the enterprise with employee-owned smartphones, tablets, phablets and purse-sized ...
For so long penetration testing meant hiring an expert to use skill and savvy to try to infiltrate the company system. But, as with most ...