Tag: Cybersecurity

New York’s New Security Rules Emphasize Identity and Access Management

NY Security
In September 2016, New York Governor Andrew Cuomo announced new regulations that established minimum security requirements for the protection of sensitive data in the financial services sector. The first state-mandated regulations of their kind in the nation, the new rules cover banks, insurance companies, and other financial services firms licensed by the New York Department of Financial Services (DFS),...

Data Manipulation: A More Troubling Problem than Data Theft

PAS
Many people are concerned about the theft of sensitive information, and rightfully so. According to the 2016 Identity Fraud study by Javelin Strategy and Research, identity theft cost U.S. consumers $15 billion in 2015. Businesses also fall victim to identity theft, to the tune of $221 billion worldwide each year. But a more insidious data security problem is gaining...

Automation Helps Meet Regulatory Requirements for Privileged Accounts

Automation
Privileged account security has become a focal point of many government and industry regulations. Take, for example, the latest version of the Payment Card Industry Data Security Standard (PCI-DSS), which mandates security practices and controls that must be implemented by organizations that store, process, or transmit payment card data. PCI-DSS 3.2 requires that organizations change vendor-default passwords for privileged...

Why the IoT Needs IAM, Part 1: Rise of the Botnets

Clango
In the Internet of Things (IoT), billions of connected objects quietly collect and transmit data and perform a wide range of functions, generally without human intervention. Imagine vending machines that tell you when they need to be replenished, vehicles that schedule their own maintenance, and “smart home” products that let you lock your doors, control your thermostat, and peek...

The Intersection of Identity Management and Physical Security

IAM
Most people think of identity management as a tool for enhancing the security of systems, applications, networks, and data. By effectively managing user credentials, organizations can maintain strict control over access to IT resources and gain greater visibility into user behavior that could present a security threat. However, identity management can also play a role in strengthening physical security,...

How Do We Gain Total Access Visibility Across the Enterprise?

Ray Brisbane
Previously, we asked this question: Who has access to what, why, and who approved it? Our answer was to establish an integrated enterprise identity and access management (IAM) platform. The basic IAM components are fairly straightforward. Establishing the platform starts with maintaining a list of the identities that will need access to resources (systems, services, applications, information, and controls)...

Why IAM Is Often Put on the Back Burner and Why It Shouldn’t Be

Kabir
So, you’ve just been breached. Now what? Many questions come to mind. Is the breach contained? Who was behind it? Were they internal or external? How did they get in? What did they get? Depending on your organization’s level of sophistication in response to such incidents, a number of processes, controls, and workflows will be initiated and checked. Some...