Security Management Strategies for the CIO
- Web Authentication and Access Control
- User Authentication Services
- Identity Management Technology and Strategy
Email Alerts
-
risk-based authentication (RBA)
Risk-based authentication (RBA) is a method of applying varying levels of stringency to authentication processes based on the likelihood that access to a given system could result in its being compromised. As the level of risk increases, the authentication process becomes more comprehensive and restrictive.Definition
-
Privilege access management: User account provisioning best practices
Broad user account provisioning can give users too much access. Randall Gamby offers privilege access management advice to prevent 'privilege creep.'Answer
-
MDM architecture considerations for enterprise identity management
Randall Gamby details which enterprise identity management features to look for when evaluating products as the basis for an MDM architecture.Answer
-
Submit your questions about IAM
Randall Gamby is standing by to give you free, unbiased advice on identity and access management.Answer
-
Enterprise user de-provisioning best practices: How to efficiently revoke access
Misplaced or stagnant employee access can be dangerous; Randall Gamby details user provisioning best practices for setting up a system to combat this risk.Answer
-
GlobalSign hack update: Certificate authority finds no rogue certs
Following a breach to a GlobalSign Web server, an extensive investigation found no evidence of an infiltration of its digital certificate infrastructure and no leakage of its certificate keys.News | 15 Dec 2011
-
The pros and cons of delivering Web pages over an SSL connection
An SSL connection can help secure Web browsing, but can affect website performance. Michael Cobb explains the pros and cons of an SSL connection.Answer
-
OAuth 2.0: Pros and cons of using the federation protocol
Learn the advantages and disadvantages of using Open Authorization for Web application authentication.Answer
-
Insufficient authorization: Hardening Web application authorization
Insufficient authorization errors can lead to Web app compromises and data loss. Learn how to fix these authorization errors.Answer
-
RSA responds to SecurID attack, plans security token replacement
Following a retooling of its manufacturing and supply chain management processes, RSA plans to replace security tokens for high risk customers.News | 07 Jun 2011
- VIEW MORE ON : Web Authentication and Access Control
-
PIN lock
The PIN lock is an authentication measure for mobile phones that requires the entry of a personal identification number (PIN) code before a device can be used.Definition
-
risk-based authentication (RBA)
Risk-based authentication (RBA) is a method of applying varying levels of stringency to authentication processes based on the likelihood that access to a given system could result in its being compromised. As the level of risk increases, the authentication process becomes more comprehensive and restrictive.Definition
-
Dropbox to implement two-factor authentication
Investigators believe some of the Web-based storage service's accounts were compromised following a password breach at another website.News | 01 Aug 2012
-
Alternatives to passwords: Replacing the ubiquitous authenticator
-
Alternatives to passwords: Replacing the ubiquitous authenticator
As the relative security of passwords falters, are they destined for obscurity?Magazine
-
Gemalto announcement increases two-factor authentication options
Gemalto's Protivia Mobile One Time Password application provides two-factor authentication for users on iPhones, BlackBerrys and some Windows smartphones.Article | 16 Feb 2011
-
nuBridges offers cloud-based data tokenization service
nuBridges announced its Tokenization as a Service (TaaS) cloud-based data tokenization service, and promised customers ownership of their data even if they cancel the service.Article | 16 Feb 2011
-
Lumension announces early adopter program for whitelisting software
Lumension announced its an early adopter program for companies to try its Intelligent Whitelisting product for endpoint security.Article | 14 Feb 2011
-
privilege escalation attack
A privilege escalation attack is a type of network intrusion that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications.Definition
-
user account provisioning
User account provisioning is a business process for creating and managing access to resources in an information technology (IT) system. To be effective, an account provisioning process should ensure that the creation of accounts and provisioning of access to software and data is is consistent and simple to administer.Definition
- VIEW MORE ON : User Authentication Services
-
PIN lock
The PIN lock is an authentication measure for mobile phones that requires the entry of a personal identification number (PIN) code before a device can be used.Definition
-
The Obama administration’s Identity Ecosystem plan: What to expect
President Obama's proposed Identity Ecosystem seeks to lock down personal credentials, but is it actually feasible?News | 20 Jul 2011
-
Verizon enhances enterprise identity management services
Verizon enhanced its enterprise identity management services with identity registration, credential provisioning and risk-based authentication.Article | 17 Feb 2011
-
Microsoft's Charney details new botnet protection, IdM technology at RSA
At the 2010 RSA Conference, Scott Charney, Microsoft's top Trustworthy Computing executive, discussed the software giant's new approach to botnet protection, detailed its new identity management technologies and explained why cloud computing risks upsetting the balance of power between individuals and governments.Article | 02 Mar 2010
-
Joining security information management systems with identity management systems boosts security
Integrating security information management systems with identity management systems ties policy violations and vulnerabilities to user activityFeature
-
Joining security information management systems with identity management systems boosts security
-
onboarding and offboarding
In identity management, onboarding is the addition of a new employee to an organization's identity and access management (IAM) system. The term is also used if an employee changes roles within the organization and is granted new or expanded access privileges. Conversely, offboarding refers to the IAM processes surrounding the removal of an identity for an employee who has changed roles or left the organization.Definition
-
How to shift to centralized authentication and ease compliance
An authentication framework based on a decentralized operational model is commonplace in the financial-services market, but complicates compliance. In this tip, Randall Gamby explains how financial companies can migrate to a centralized authentication system and reduce the time and effort required to maintain regulatory compliance.Tip
-
Microsoft Stirling Beta 2 release includes Exchange SaaS offering
Microsoft continues to meld security and identity management, and brings it forward with the Beta 2 release of Stirling, the next generation of its Forefront Security Suite.News | 14 Apr 2009
-
Tying log management and identity management shortens incident response
Tying log management to user identity shortens incident response and forensics investigation cycles. Learn how compliance has mandated that organizations determine not only when incidents occurred, but who is responsible for unauthorized access.Feature
- VIEW MORE ON : Identity Management Technology and Strategy