Security Management Strategies for the CIO
Email Alerts
-
Managing identities in hybrid worlds
The world in which successful IAM programs must be implemented is increasingly complex, a mix of legacy on-premise IAM infrastructures, cloud-based IDaaS for hybrid cloud infrastructures, and mobile devices that are either an authentication token in ... E-Zine
-
Guide to managing identities and access control
SearchSecurity.com presents a comprehensive guide to managing user identities and access control within the enterprise. Our experts cover all the angles with technical advice on: centralized identity management; the importance of uniting IAM and data... E-Book
-
Meeting cloud computing compliance mandates
November's edition of Information Security magazine covers a variety of IT security-related topics. Check out this e-zine to learn about re-architecting your provisioning system, meeting compliance mandates in the cloud, how the economy is affecting ... E-Zine
-
Why privileged account management is critical to today's data security
This month's cover story is about reigning in privileged accounts such as the UNIX root and Windows Administrator accounts. Regulatory requirements and economic realities are pressuring enterprises to secure their privileged accounts, but how? Also i... E-Zine
-
Special manager's guide: Monitoring identities
In this month's issue of Information Security magazine, learn how using two-factor authentication to enhance organizational security. Meet regulations, tighten security and save money with better ID and access management. We review ForeScout Technolo... E-Zine
-
Identity crisis solved: Tips from a top identity management expert
General Motors and its Chief Architect of Identity Management, Jarrod Jasper, reduced user profiles from 40 to one. Get tips on how they did it. Plus, find out more about PCI 101, how the credit card association believes how it can help reduce credit... E-Zine
-
Quiz: Monitoring your trusted insiders
How much have you learned about monitoring your privileged insiders? Test your knowledge in this short quiz. Quiz
-
Best Identity and Access Management Products 2011
Readers vote on the best identity and access management products, including user identity access privilege and authorization management, single sign-on, user identity provisioning. Guide
-
Quiz: Compliance-driven role management
Use this five-question quiz to test your knowledge of role and entitlement management. Quiz
-
Lesson 3: How to implement secure access 2
In Lesson 3 of Wireless Security Lunchtime Learning, you'll learn the pros and cons of the various wireless access protocols so that you can choose the best method to control, authenticate and authorize access to your WLAN. Security School
-
Quiz: The new school of enterprise authentication
Take this five-question quiz to test your knowledge of Mark Diodati's enterprise authentication lesson. Quiz
-
Using IAM, password and provisioning management tools for compliance
Provisioning and password management tools can ease complexity, reduce help desk calls and save money. But they also have an added benefit: they can help with your compliance woes. Identity and Access Manag
-
Quiz: Using IAM tools to improve compliance
A five-question multiple-choice quiz to test your understanding of the content presented by expert Tom Bowers in this lesson of SearchSecurity.com's Identity and Access Management Security School. Identity and Access Manag
-
Enhanced Identity and Access Management
From consolidating directories to automating provisioning and rolling out single sign-on, these sessions identify how leading organizations are strengthening authorization and enforcing access controls. Session Downloads
-
Answer page: Authentication quiz
SearchSecurity Retention
-
Identity and Access Management Security School
This Security School explores critical topics related to helping security practitioners establish and maintain an effective identity and access management plan. Security School
- See more Essential Knowledge on Enterprise User Provisioning Tools
-
Access certification technology helps financial firm with compliance
Fortune 500 company uses access certification technology to meet new SOX-like requirements for non-public insurance companies. Article | 28 Nov 2010
-
Knowledge-based authentication treads lightly on privacy issues
Expanding use of verification questions prompts concerns about privacy issues, but businesses say KBA has been vital in reducing fraud. Article | 10 Feb 2010
-
In Oracle-Sun deal, analysts predict identity management fallout
Updated: As a combined company, Oracle and Sun Microsystems will be the No. 1 vendor in enterprise identity management, but analysts and a competing vendor say consolidating and unifying the product portfolio could be a painful process for customers.... Article | 20 Apr 2009
-
New Sun product illustrates identity management trend
Sun's Identity Compliance Manager gives enterprises a starting point for more complex ID management projects, says analyst. Article | 20 Oct 2008
-
Societe Generale bolsters internal controls, discovers second insider
Trader Jerome Kerviel conducted more than $7 billion in fraudulent trades with the help of an assistant, according to an investigation conducted by banking giant Societe Generale Article | 27 May 2008
-
Former LendingTree employees pilfer firm's customer database
The online mortgage lending exchange site said several of its former employees shared their passwords with unapproved lenders to access customer records. News | 22 Apr 2008
-
Hitachi acquires M-Tech Systems for identity management
M-Tech will become Hitachi ID Systems under the deal. The M-Tech acquisition is part of a broader trend of companies aggressively acquiring IAM technology. Article | 08 Apr 2008
-
Sun shifts strategy with GRC push
Sun Microsystems is making a move into the governance, risk and compliance market, ramping up the competition against Oracle, IBM, CA and others. Article | 04 Mar 2008
-
Security360: Identity management market
Analyst Mark Diodati describes the leaders of the identity management market; IBM's Joe Anthony explains Big Blue's strategy and Novell's Dale Olds on user-centric identity. Article | 08 Feb 2008
-
Survey finds access control problems at many firms
Despite the growing data breach threat as a result of trusted insiders, many firms are failing to implement a strong access governance program, according to a recent survey. News | 04 Feb 2008
- See more News on Enterprise User Provisioning Tools
-
Security transitions: Changes that make a difference
This month, Information Security Magazine examines security industry changes that can really make a difference: improving identity management and building security into software from the get go. Opinion
-
Stopping privilege creep: Limiting user privileges with access reviews
Most enterprises suffer from privilege creep among long-time employees. Peter Gregory explains how to limit user privileges with access reviews and automation. Tip
-
Extended enterprise poses identity and access management challenges
Cloud and distributed computing have caused many enterprise IAM challenges. Eve Maler details how Forrester's Zero Trust model can help. Tip
-
Identity management compliance: How IAM systems support compliance
Learn about the identity management and compliance relationship and how IAM should and shouldn't support good enterprise compliance processes. Tip
-
Privileged user access management: How to avoid access creep
One of the most difficult areas of privileged user access management is avoiding access creep. John Burke covers how to keep privileged users in check. Tip
-
How to prevent phishing attacks: User awareness and training
In this expert tip, David Sherry describes how a combination of technical controls and user awareness training can help put a dent in phishers’ attempts at spear phishing. Tip
-
Role-based access control for effective security management
Effective role-based access control is vital for properly managing user access rights and enforcing access policies, but avoiding role sprawl can be challenging. Tip
-
XACML tutorial: Using XACML as a foundation for entitlement management
Learn how to use XACML to externalize fine-grained authorization from application logic and support cloud-based IAM initiatives. Tip
-
Using an IAM maturity model to hone identity and access management strategy
Forrester Research’s Andras Cser discusses how to use an IAM maturity model to assess your identity and access management strategy. Tip
-
A primer for user privilege management in Windows Server 2008
Privilege management can be a troublesome endeavor, but Windows Server 2008 introduces a multi-level privilege attribute system with better limits for standard users. Expert Randall Gamby explains the options in Windows Server 2008 for user privilege... Tip
-
User provisioning best practices: Access recertification
User access recertification is the process of continually auditing users' permissions to make sure they have access only to what they need. Implementing recertification, however, can be challenging. Get best practices on creating a recertification pr... Tip
- See more Tips on Enterprise User Provisioning Tools
-
Enterprise risk-based authentication: Has it finally arrived?
Expert Randall Gamby discusses risk-based authentication, and whether that type of user identification system is right for the enterprise. Answer
-
Privilege access management: User account provisioning best practices
Broad user account provisioning can give users too much access. Randall Gamby offers privilege access management advice to prevent 'privilege creep.' Answer
-
SCIM identity management and SCIM provisioning options
SCIM identity management and identity provisioning have increased in their implementation. Learn how a company can assess these technology options. Answer
-
SCIM identity management strategy: Time to outsource IdM?
Randall Gamby outlines the SCIM identity management standard and offers identity management for those enterprises considering outsourcing. Answer
-
Dynamic authorization vs. other access management technologies
Randall Gamby discusses the advantages of dynamic authorization vs. other access management strategies and implementation best practices. Answer
-
SaaS access management: Finding the best single sign-on technology
Expert Randall Gamby details key strategies for SaaS access management and contemporary single sign-on technology that's truly interoperable. Answer
-
Enterprise user de-provisioning best practices: How to efficiently revoke access
Misplaced or stagnant employee access can be dangerous; Randall Gamby details user provisioning best practices for setting up a system to combat this risk. Answer
-
Can DHCP management tools be used to manage user account permissions?
Learn more about whether using DHCP management tools is an effective way to manage user account permissions, and what other options might be, in this expert response from Randall Gamby. Ask the Expert
-
OpenLDAP migration: OpenLDAP from an Active Directory schema
While integrating user provisioning products may seem like a lot of work, there are strategies to make it go smoothly. In this expert response, Randall Gamby describes how to incorporate OpenLDAP into an Active Directory schema. Ask the Expert
-
The pros and cons of automated user provisioning software
Automated user provisioning software can offer many benefits to enterprises, but its high cost and labor-intensive implementation may mean it's not right for yours. IAM expert Randall Gamby addresses the topic. Ask the Expert
- See more Expert Advice on Enterprise User Provisioning Tools
-
privilege creep
Privilege creep is the accumulation of IT access privileges beyond what an end user needs to do his or her job, enabling the potential abuse of privileges. Definition
-
role-based access control (RBAC)
Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise... Definition
-
authentication, authorization, and accounting (AAA)
Authentication, authorization, and accounting (AAA) is a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. Definition
-
identity access management (IAM) system
An identity management access (IAM) system is a framework for business processes that facilitates the management of electronic identities. Definition
-
onboarding and offboarding
In identity management, onboarding is the addition of a new employee to an organization's identity and access management (IAM) system. The term is also used if an employee changes roles within the organization and is granted new or expanded access pr... Definition
-
role mining
Role mining is the process of analyzing user-to-resource mapping data to determine or modify user permissions for role-based access control (RBAC) in an enterprise... (Continued) Definition
-
user profile
In a Windows environment, a user profile is a record of user-specific data that define the user's working environment. Definition
-
RADIUS (Remote Authentication Dial-In User Service)
Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or s... Definition
-
logon (or login)
In general computer usage, logon is the procedure used to get access to an operating system or application, usually in a remote computer. Definition
-
federated identity management (FIM)
Federated Identity Management (FIM) is an arrangement that can be made among multiple enterprises that lets subscribers use the same identification data to obtain access to the networks of all enterprises in the group... (Continued) Definition
- See more Definitions on Enterprise User Provisioning Tools
-
5 Common Missteps with Trusted Insider Privileges
Insiders with elevated privileges are trusted with the keys to the kingdom; they're also prime targets for abuse from outsiders. In this podcast, you’ll learn five quick fixes to lessen the risk posed by trusted insiders. Podcast
-
Best practices: Identity management - Part 1
In Best practices: Identity management - Part 1, experts Kelly Manthey and Peter Gyurko discuss development, education, strategies involving identity management. Video
-
What is identity management?
Do you know what identity management is and how to properly manage it? This expert video featuring Kelly Manthey and Peter Gyurko explores the role of identity mangement and how it can benefit your enterprise. Video
-
Identity management maturity model
Learn about identity management and its capabilities in a detailed maturity model that highlights people, process and technology. Video
-
A buyer's guide to buying a provisioning system
Video: Randall Gamby on what to look for in a provisioning vendor and how to choose the product that's right for your enterprise. Video
-
Regulatory requirements driving enterprise role and entitlement management
Learn how implementing IAM technologies and strategies can help your enterprise achieve compliance with various regulations. Video
-
Top tactics for endpoint security
The start- and end-points of today's enterprise networks are radically different than they were 10 years ago. IT staffs no longer have control over every endpoint connecting to the network, leading to a host of problems where access control is weak o... Video
-
PCI compliance requirement 7: Restrict access
Diana Kelley and Ed Moyle of Security Curve review PCI compliance requirement 7: "Restrict access to cardholder data." Video
-
PCI compliance requirement 8: Unique IDs
In a nutshell, Requirement 8 of the Payment Card Industry Data Security Standard calls for individual identification for anyone and everyone who has access to cardholder data. Video
-
Using IAM tools to improve compliance
Provisioning and password management tools can ease complexity, reduce help desk calls and save money. But they also have an added benefit: They can help ease enterprise compliance woes. Video
- See more Multimedia on Enterprise User Provisioning Tools
-
privilege creep
Privilege creep is the accumulation of IT access privileges beyond what an end user needs to do his or her job, enabling the potential abuse of privileges. Definition
-
Stopping privilege creep: Limiting user privileges with access reviews
Most enterprises suffer from privilege creep among long-time employees. Peter Gregory explains how to limit user privileges with access reviews and automation. Tip
-
Security transitions: Changes that make a difference
This month, Information Security Magazine examines security industry changes that can really make a difference: improving identity management and building security into software from the get go. Opinion
-
Managing identities in hybrid worlds
The world in which successful IAM programs must be implemented is increasingly complex, a mix of legacy on-premise IAM infrastructures, cloud-based IDaaS for hybrid cloud infrastructures, and mobile devices that are either an authentication token in ... E-Zine
-
Enterprise risk-based authentication: Has it finally arrived?
Expert Randall Gamby discusses risk-based authentication, and whether that type of user identification system is right for the enterprise. Answer
-
Extended enterprise poses identity and access management challenges
Cloud and distributed computing have caused many enterprise IAM challenges. Eve Maler details how Forrester's Zero Trust model can help. Tip
-
Privilege access management: User account provisioning best practices
Broad user account provisioning can give users too much access. Randall Gamby offers privilege access management advice to prevent 'privilege creep.' Answer
-
SCIM identity management and SCIM provisioning options
SCIM identity management and identity provisioning have increased in their implementation. Learn how a company can assess these technology options. Answer
-
Identity management compliance: How IAM systems support compliance
Learn about the identity management and compliance relationship and how IAM should and shouldn't support good enterprise compliance processes. Tip
-
role-based access control (RBAC)
Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise... Definition
- See more All on Enterprise User Provisioning Tools
About Enterprise User Provisioning Tools
Get tips and tricks on user provisioning, such as how to administer employee access and IDs and passwords, information on user account management and audit and analysis.