-
Using IAM, password and provisioning management tools for compliance
Provisioning and password management tools can ease complexity, reduce help desk calls and save money. But they also have an added benefit: they can help with your compliance woes. Identity and Access Manag
-
IAM Security School quick quiz
Quiz
-
Endpoint security protection: Policies for endpoint control
In this lesson, guest instructor Ben Rothke, Director of Security Technology Implementation for a large financial services company, provides tactics for endpoint security, policies for controlling endpoints and insight as to where endpoint security t... Identity and Access Manag
-
How to break into a computer that is right at your fingertips
Stressing the importance of physical security, Joel Dubin explains how a hacker can bypass a BIOS password and break into a computer. Book Chapter
-
Spy vs. Spy
Excerpt from Chapter 6 of Spies Among Us: How to Stop the Spies, Terrorists, Hackers, and Criminals You Don't Even Know You Encounter Every Day. Book Chapter
-
SAP Security Learning Guide
This guide pulls SAP security information from both SearchSecurity.com and its sister site, SearchSAP.com, to provide the most comprehensive resource around for all aspects of making your SAP system bulletproof. Learning Guide
-
Lesson/Domain 2 -- Security School: Training for CISSP Certification
SearchSecurity.com Security School webcasts are focused on CISSP training. Each lesson corresponds to a specific domain in the CISSP exam's "Common Body of Knowledge." School
-
Passwords: Do you speak Geek?
Test your knowledge of password-related terminology. Quiz
-
Infosec Know IT All Trivia: Secure passwords
Strengthen your passwords with the information you'll learn taking our trivia. Quiz
-
2013 Verizon DBIR: Authentication attacks affect all organizations
The 2013 Verizon data breach report details how authentication attacks affect organizations of all sizes, blaming single-factor passwords. News | 23 Apr 2013
-
Scope of Dropbox security breach is undetermined
Dropbox spokesman says investigation is ongoing after attackers gained access to an employee account, leaking user email addresses. News | 01 Aug 2012
-
Dropbox to implement two-factor authentication
Investigators believe some of the Web-based storage service's accounts were compromised following a password breach at another website. News | 01 Aug 2012
-
Password database inventory required following LinkedIn breach
Many organizations have acquired legacy applications over the years, storing password data and other information in clear text, according to one noted security expert. News | 25 Jun 2012
-
All leaked LinkedIn passwords disabled, users notified
After hackers posted 6.5 million LinkedIn passwords on a Russian site last week, the company has disabled all at-risk accounts and notified their users. News | 11 Jun 2012
-
LinkedIn alerts authorities, Facebook notifies potential password victims
Law enforcement joins LinkedIn in its probe into how 6.5 million passwords were posted to a hacker forum this week. Meanwhile, Facebook reaches out to potential victims. News | 07 Jun 2012
-
eHarmony resets account credentials following LinkedIn password leak
Dating site eHarmony said it is resetting a “small fraction” of accounts after it discovered user passwords among those posted to a Russian hacking website. News | 07 Jun 2012
-
LinkedIn investigating user account password breach
More than 6 million passwords may have been stolen from the servers of social network LinkedIn and posted to a Russian hacking forum. News | 06 Jun 2012
-
Verizon data breach report shows weak passwords at root of 2011 data breaches
Weak and default passwords are at the root of many data security breaches investigated by Verizon in 2011. News | 07 Mar 2012
-
Morto worm, an old-school Internet worm, spreading via RDP
Security firms say the Morto worm isn’t a Trojan, but an Internet worm that spreads via Windows Remote Desktop Protocol (RDP). News | 29 Aug 2011
-
Aligning enterprise identity and access management with CIO priorities
Randall Gamby says aligning enterprise identity and access management with business and CIO priorities demands a more strategic approach to IAM. Tip
-
Information security controls for data exfiltration prevention
Enterprises may be amazed to discover how valuable their data is to attackers. Learn five information security controls to prevent data exfiltration. Tip
-
How diligent user account security thwarts password recovery attacks
The recent CloudFlare hack showed how poor user account security and password recovery can be compromised. Learn how to avoid a similar incident. Tip
-
Android security settings and controls for Android enterprise security
Can Androids ever be secure enough for corporate use? Learn about Android security controls to enable effective Android enterprise security. Tip
-
Privileged user access management: How to avoid access creep
One of the most difficult areas of privileged user access management is avoiding access creep. John Burke covers how to keep privileged users in check. Tip
-
Using an IAM maturity model to hone identity and access management strategy
Forrester Research’s Andras Cser discusses how to use an IAM maturity model to assess your identity and access management strategy. Tip
-
Alternatives to password-reset questions tackle social networking cons
With so much personal information available on the Internet, finding the answers to someone's password-reset questions can be quite easy. In this tip, learn about alternatives to the password-reset question option that can lead to more secure Interne... Tip
-
Making the case for enterprise IAM centralized access control
Central access to multiple applications and systems can raise the level of security while getting rid of lots of red tape, so how do you go about creating central access management? In this tip, IAM expert David Griffeth explains the steps. Tip
-
Best practices for a privileged access policy to secure user accounts
Enterprises need to secure accounts belonging to actual users by reviewing and monitoring their privileged access. Tip
-
Security book chapter: The Truth About Identity Theft
Jim Stickley, author of The Truth About Identity Theft, explains how easy it really is to hack a password. Tip
-
Can a password blacklist improve general enterprise password security?
Expert Michael Cobb reacts to the BlackBerry 10 password blacklist and determines whether enterprises could adopt it to further secure passwords. Answer
-
Dropbox security concerns: Time to find secure Dropbox alternatives?
Are Dropbox security concerns serious enough to require enterprise users to switch to secure Dropbox alternatives? Expert Michael Cobb discusses. Answer
-
How to address password change frequency, reuse for third-party apps
Expert Michael Cobb explains how password change frequency and reuse for third-party apps should be addressed in enterprise password policies. Answer
-
Brute-force SSH attack prevention depends on network monitoring basics
Expert Brad Casey discusses why effective brute-force SSH attack prevention means improving network monitoring instead of closing TCP port 22. Answer
-
Adjust security policies to combat Windows password hint attacks
Researchers have revealed potential Windows user password hint vulnerabilities. Expert Michael Cobb discusses how to address such attacks in policies. Answer
-
How to secure Android devices: Advice for good Android lock patterns
Get advice from expert Michael Cobb on how to secure your Android device with good Android lock patterns. Answer
-
Online password security: Are Verified by Visa-like programs enough?
Randall Gamby offers additional security measures enterprises can employ to supplement their existing password-reset process. Answer
-
Password compliance and password management for PCI DSS
Can poor password management lead to PCI DSS non-compliance? Mike Chapple outlines key password compliance best practices. Answer
-
Image-based authentication: Viable alternative authentication method?
Randall Gamby addresses the criticisms of image-based authentication and considers if it's a viable enterprise alternative authentication method. Answer
-
Minimum password length best practices: Are 14-character passwords necessary?
Should all enterprises mandate 14-character passwords, or are passwords alone not enough? IAM expert Randall Gamby offers his minimum password length best practices. Answer
-
onboarding and offboarding
In identity management, onboarding is the addition of a new employee to an organization's identity and access management (IAM) system. The term is also used if an employee changes roles within the organization and is granted new or expanded access pr... Definition
-
war dialer
A war dialer is a computer program used to identify the phone numbers that can successfully make a connection with a computer modem. Definition
-
TACACS (Terminal Access Controller Access Control System)
TACACS (Terminal Access Controller Access Control System) is an older authentication protocol common to UNIX networks that allows a remote access server to forward a user's logon password to an authentication server to determine whether access can be... Definition
-
session replay
Session replay is a scheme a cracker uses to masquerade as an authorized user on an interactive Web site... Definition
-
salt
In password protection, salt is a random string of data used to modify a password hash. Definition
-
shadow password file
In the Linux operating system, a shadow password file is a system file in which encrypted user passwords are stored so that they aren't available to people who try to break into the system. Definition
-
passphrase
A passphrase is a string of characters longer than the usual password (which is typically from four to 16 characters long) that is used in creating a digital signature (an encoded signature that proves to someone that it was really you who sent a mes... Definition
-
password
A password is an unspaced sequence of characters used to determine that a computer user requesting access to a computer system is really that particular user. Definition
-
logon (or login)
In general computer usage, logon is the procedure used to get access to an operating system or application, usually in a remote computer. Definition
-
masquerade
In general, a masquerade is a disguise. Definition
-
PayPal CISO hopes FIDO Alliance can help replace weak passwords
Video: PayPal CISO Michael Barrett discusses the FIDO Alliance launch and how the open standard for online authentication might help replace weak passwords. Video
-
The business case for enterprise password management
Spyro Malaspinas discusses the importance of enterprise password management and how your business can benefit from implementing good identity management practices. Video
-
PCI compliance requirement 8: Unique IDs
In a nutshell, Requirement 8 of the Payment Card Industry Data Security Standard calls for individual identification for anyone and everyone who has access to cardholder data. Video
-
PCI compliance requirement 2: Defaults
PCI pros Diana Kelley and Ed Moyle review Requirement 2 of the Payment Card Industry Data Security Standard: Defaults. Video
-
Smart shopper: What to look for in password management and provisioning
Password management vendors are getting into the full-blown provisioning game, and traditional vendors are adding Windows logon extensions to facilitate self-service, a hallmark of password management-only solutions in the past. As these two markets... Podcast
About Password Management and Policy
Discover how to succeed in password management. Learn how to implement a password policy, software and tools, how to choose the right password length and when to change your password. Also, get advice on password cracking software, tools and programs.