Security Management Strategies for the CIO
Email Alerts
-
Quiz: Monitoring your trusted insiders
How much have you learned about monitoring your privileged insiders? Test your knowledge in this short quiz. Quiz
-
Best Identity and Access Management Products 2011
null
-
Quiz: Compliance-driven role management
Use this five-question quiz to test your knowledge of role and entitlement management. Quiz
-
Lesson 3: How to implement secure access 2
In Lesson 3 of Wireless Security Lunchtime Learning, you'll learn the pros and cons of the various wireless access protocols so that you can choose the best method to control, authenticate and authorize access to your WLAN. Security School
-
Quiz: The new school of enterprise authentication
Take this five-question quiz to test your knowledge of Mark Diodati's enterprise authentication lesson. Quiz
-
Quiz: Using IAM tools to improve compliance
A five-question multiple-choice quiz to test your understanding of the content presented by expert Tom Bowers in this lesson of SearchSecurity.com's Identity and Access Management Security School. Identity and Access Manag
-
Using IAM, password and provisioning management tools for compliance
Provisioning and password management tools can ease complexity, reduce help desk calls and save money. But they also have an added benefit: they can help with your compliance woes. Identity and Access Manag
-
Enhanced Identity and Access Management
From consolidating directories to automating provisioning and rolling out single sign-on, these sessions identify how leading organizations are strengthening authorization and enforcing access controls. Session Downloads
-
Answer page: Authentication quiz
SearchSecurity Retention
-
Identity and Access Management Security School
This Security School explores critical topics related to helping security practitioners establish and maintain an effective identity and access management plan. Security School
- See More: Essential Knowledge on Enterprise User Provisioning Tools
-
Access certification technology helps financial firm with compliance
Fortune 500 company uses access certification technology to meet new SOX-like requirements for non-public insurance companies. Article | 28 Nov 2010
-
Knowledge-based authentication treads lightly on privacy issues
Expanding use of verification questions prompts concerns about privacy issues, but businesses say KBA has been vital in reducing fraud. Article | 10 Feb 2010
-
In Oracle-Sun deal, analysts predict identity management fallout
Updated: As a combined company, Oracle and Sun Microsystems will be the No. 1 vendor in enterprise identity management, but analysts and a competing vendor say consolidating and unifying the product portfolio could be a painful process for customers.... Article | 20 Apr 2009
-
New Sun product illustrates identity management trend
Sun's Identity Compliance Manager gives enterprises a starting point for more complex ID management projects, says analyst. Article | 20 Oct 2008
-
Societe Generale bolsters internal controls, discovers second insider
Trader Jerome Kerviel conducted more than $7 billion in fraudulent trades with the help of an assistant, according to an investigation conducted by banking giant Societe Generale Article | 27 May 2008
-
Former LendingTree employees pilfer firm's customer database
The online mortgage lending exchange site said several of its former employees shared their passwords with unapproved lenders to access customer records. News | 22 Apr 2008
-
Hitachi acquires M-Tech Systems for identity management
M-Tech will become Hitachi ID Systems under the deal. The M-Tech acquisition is part of a broader trend of companies aggressively acquiring IAM technology. Article | 08 Apr 2008
-
Sun shifts strategy with GRC push
Sun Microsystems is making a move into the governance, risk and compliance market, ramping up the competition against Oracle, IBM, CA and others. Article | 04 Mar 2008
-
Security360: Identity management market
Analyst Mark Diodati describes the leaders of the identity management market; IBM's Joe Anthony explains Big Blue's strategy and Novell's Dale Olds on user-centric identity. Article | 08 Feb 2008
-
Survey finds access control problems at many firms
Despite the growing data breach threat as a result of trusted insiders, many firms are failing to implement a strong access governance program, according to a recent survey. News | 04 Feb 2008
- See More: News on Enterprise User Provisioning Tools
-
Identity management compliance: How IAM systems support compliance
Learn about the identity management and compliance relationship and how IAM should and shouldn't support good enterprise compliance processes. Tip
-
Privileged user access management: How to avoid access creep
One of the most difficult areas of privileged user access management is avoiding access creep. John Burke covers how to keep privileged users in check. Tip
-
How to prevent phishing attacks: User awareness and training
In this expert tip, David Sherry describes how a combination of technical controls and user awareness training can help put a dent in phishers’ attempts at spear phishing. Tip
-
Role-based access control for effective security management
Effective role-based access control is vital for properly managing user access rights and enforcing access policies, but avoiding role sprawl can be challenging. Tip
-
XACML tutorial: Using XACML as a foundation for entitlement management
Learn how to use XACML to externalize fine-grained authorization from application logic and support cloud-based IAM initiatives. Tip
-
Using an IAM maturity model to hone identity and access management strategy
Forrester Research’s Andras Cser discusses how to use an IAM maturity model to assess your identity and access management strategy. Tip
-
A primer for user privilege management in Windows Server 2008
Privilege management can be a troublesome endeavor, but Windows Server 2008 introduces a multi-level privilege attribute system with better limits for standard users. Expert Randall Gamby explains the options in Windows Server 2008 for user privilege... Tip
-
User provisioning best practices: Access recertification
User access recertification is the process of continually auditing users' permissions to make sure they have access only to what they need. Implementing recertification, however, can be challenging. Get best practices on creating a recertification pr... Tip
-
Self-service user identity management: Pitfalls and processes
While it might seem that self-service user identity management can save time and money, as well as keep information more current, there are a number of potential pitfalls. In this expert tip, Randall Gamby explains how to avoid these issues. Tip
-
Role-based access control: Pros of an open source RBAC implementation
There are many advantages to an open source RBAC implementation. However, it's important to know the context in which such a product will work best. In this tip, expert Randall Gamby discusses how to determine if open source RBAC is right for you. Tip
- See More: Tips on Enterprise User Provisioning Tools
-
SCIM identity management strategy: Time to outsource IdM?
Randall Gamby outlines the SCIM identity management standard and offers identity management for those enterprises considering outsourcing. Answer
-
Dynamic authorization vs. other access management technologies
Randall Gamby discusses the advantages of dynamic authorization vs. other access management strategies and implementation best practices. Answer
-
SaaS access management: Finding the best single sign-on technology
Expert Randall Gamby details key strategies for SaaS access management and contemporary single sign-on technology that's truly interoperable. Answer
-
Enterprise user de-provisioning best practices: How to efficiently revoke access
Misplaced or stagnant employee access can be dangerous; Randall Gamby details user provisioning best practices for setting up a system to combat this risk. Answer
-
Can DHCP management tools be used to manage user account permissions?
Learn more about whether using DHCP management tools is an effective way to manage user account permissions, and what other options might be, in this expert response from Randall Gamby. Ask the Expert
-
OpenLDAP migration: OpenLDAP from an Active Directory schema
While integrating user provisioning products may seem like a lot of work, there are strategies to make it go smoothly. In this expert response, Randall Gamby describes how to incorporate OpenLDAP into an Active Directory schema. Ask the Expert
-
The pros and cons of automated user provisioning software
Automated user provisioning software can offer many benefits to enterprises, but its high cost and labor-intensive implementation may mean it's not right for yours. IAM expert Randall Gamby addresses the topic. Ask the Expert
-
Choosing an identity and access management architecture
As most identity management products on the market tend to provide user-centric identity management or provider-centric identity management, which is more secure? In this expert response, Randall Gamby explains how to choose an identity and access ma... Ask the Expert
-
Creating a user account management policy to delete old accounts
If you're not deleting orphaned accounts, you may be leaving the door wide open to attackers. In this expert response from Randall Gamby, learn how to create an effective user account management policy for getting rid of old accounts. Ask the Expert
-
Separation of duties: Internal user account controls
If your user account administration is dispersed among different departments, you might be looking into centralizing it. This can work, provided you have a trustworthy administrator and separation of duties controls. Ask the Expert
- See More: Expert Advice on Enterprise User Provisioning Tools
-
role-based access control (RBAC)
Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise... Definition
-
authentication, authorization, and accounting (AAA)
Authentication, authorization, and accounting (AAA) is a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. Definition
-
onboarding and offboarding
In identity management, onboarding is the addition of a new employee to an organization's identity and access management (IAM) system. Definition
-
role mining
Role mining is the process of analyzing user-to-resource mapping data to determine or modify user permissions for role-based access control (RBAC) in an enterprise... (Continued) Definition
-
user profile
In a Windows environment, a user profile is a record of user-specific data that define the user's working environment. Definition
-
RADIUS (Remote Authentication Dial-In User Service)
Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or s... Definition
-
logon (or login)
In general computer usage, logon is the procedure used to get access to an operating system or application, usually in a remote computer. Definition
-
federated identity management (FIM)
Federated Identity Management (FIM) is an arrangement that can be made among multiple enterprises that lets subscribers use the same identification data to obtain access to the networks of all enterprises in the group... (Continued) Definition
-
AAA server (authentication, authorization, and accounting)
An AAA server is a server program that handles user requests for access to computer resources and, for an enterprise, provides authentication, authorization, and accounting (AAA) services. Definition
-
password synchronization
Password synchronization is an authentication process that coordinates user passwords across various computers and computing devices so a user only has to remember a single password instead of multiple passwords for different machines or devices. Definition
-
5 Common Missteps with Trusted Insider Privileges
Insiders with elevated privileges are trusted with the keys to the kingdom; they're also prime targets for abuse from outsiders. In this podcast, you’ll learn five quick fixes to lessen the risk posed by trusted insiders. Podcast
-
Best practices: Identity management - Part 1
In Best practices: Identity management - Part 1, experts Kelly Manthey and Peter Gyurko discuss development, education, strategies involving identity management. Video
-
What is identity management?
Do you know what identity management is and how to properly manage it? This expert video featuring Kelly Manthey and Peter Gyurko explores the role of identity mangement and how it can benefit your enterprise. Video
-
Identity management maturity model
Learn about identity management and its capabilities in a detailed maturity model that highlights people, process and technology. Video
-
Regulatory requirements driving enterprise role and entitlement management
Learn how implementing IAM technologies and strategies can help your enterprise achieve compliance with various regulations. Video
-
Top tactics for endpoint security
The start- and end-points of today's enterprise networks are radically different than they were 10 years ago. IT staffs no longer have control over every endpoint connecting to the network, leading to a host of problems where access control is weak o... Video
-
PCI compliance requirement 7: Restrict access
Diana Kelley and Ed Moyle of Security Curve review PCI compliance requirement 7: "Restrict access to cardholder data." Video
-
PCI compliance requirement 8: Unique IDs
In a nutshell, Requirement 8 of the Payment Card Industry Data Security Standard calls for individual identification for anyone and everyone who has access to cardholder data. Video
-
Using IAM tools to improve compliance
Provisioning and password management tools can ease complexity, reduce help desk calls and save money. But they also have an added benefit: They can help ease enterprise compliance woes. Video
-
Who goes there? Securing wireless access
Learn more about securing wireless access, including best practices for wireless access configuration from Lisa Phifer of Core Competence Inc. Video
-
Identity management compliance: How IAM systems support compliance
Learn about the identity management and compliance relationship and how IAM should and shouldn't support good enterprise compliance processes. Tip
-
role-based access control (RBAC)
Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise... Definition
-
SCIM identity management strategy: Time to outsource IdM?
Randall Gamby outlines the SCIM identity management standard and offers identity management for those enterprises considering outsourcing. Answer
-
Dynamic authorization vs. other access management technologies
Randall Gamby discusses the advantages of dynamic authorization vs. other access management strategies and implementation best practices. Answer
-
SaaS access management: Finding the best single sign-on technology
Expert Randall Gamby details key strategies for SaaS access management and contemporary single sign-on technology that's truly interoperable. Answer
-
Enterprise user de-provisioning best practices: How to efficiently revoke access
Misplaced or stagnant employee access can be dangerous; Randall Gamby details user provisioning best practices for setting up a system to combat this risk. Answer
-
Privileged user access management: How to avoid access creep
One of the most difficult areas of privileged user access management is avoiding access creep. John Burke covers how to keep privileged users in check. Tip
-
How to prevent phishing attacks: User awareness and training
In this expert tip, David Sherry describes how a combination of technical controls and user awareness training can help put a dent in phishers’ attempts at spear phishing. Tip
-
Quiz: Monitoring your trusted insiders
How much have you learned about monitoring your privileged insiders? Test your knowledge in this short quiz. Quiz
-
Role-based access control for effective security management
Effective role-based access control is vital for properly managing user access rights and enforcing access policies, but avoiding role sprawl can be challenging. Tip
- See More: All on Enterprise User Provisioning Tools
About Enterprise User Provisioning Tools
Get tips and tricks on user provisioning, such as how to administer employee access and IDs and passwords, information on user account management and audit and analysis.