In September 2016, New York Governor Andrew Cuomo announced new regulations that established minimum security requirements for the protection of sensitive data in the financial services sector. The first state-mandated regulations of their kind in the nation, the new rules cover banks, insurance companies, and other financial services firms licensed by the New York Department of Financial Services (DFS),...

Many people are concerned about the theft of sensitive information, and rightfully so. According to the 2016 Identity Fraud study by Javelin Strategy and Research, identity theft cost U.S. consumers $15 billion in 2015. Businesses also fall victim to identity theft, to the tune of $221 billion worldwide each year. But a more insidious data security problem is gaining...

Privileged account security has become a focal point of many government and industry regulations. Take, for example, the latest version of the Payment Card Industry Data Security Standard (PCI-DSS), which mandates security practices and controls that must be implemented by organizations that store, process, or transmit payment card data. PCI-DSS 3.2 requires that organizations change vendor-default passwords for privileged...

In my last two articles, I discussed various aspects of privileged account and endpoint security, with a focus on implementing a new solution. But what if you already have one of these solutions in place? Are you aware of all its features? Have you deployed it for the correct use cases? Are there integrations with other systems you already...

In the Internet of Things (IoT), billions of connected objects quietly collect and transmit data and perform a wide range of functions, generally without human intervention. Imagine vending machines that tell you when they need to be replenished, vehicles that schedule their own maintenance, and “smart home” products that let you lock your doors, control your thermostat, and peek...

Most people think of identity management as a tool for enhancing the security of systems, applications, networks, and data. By effectively managing user credentials, organizations can maintain strict control over access to IT resources and gain greater visibility into user behavior that could present a security threat. However, identity management can also play a role in strengthening physical security,...

Previously, we asked this question: Who has access to what, why, and who approved it? Our answer was to establish an integrated enterprise identity and access management (IAM) platform. The basic IAM components are fairly straightforward. Establishing the platform starts with maintaining a list of the identities that will need access to resources (systems, services, applications, information, and controls)...

So, you’ve just been breached. Now what? Many questions come to mind. Is the breach contained? Who was behind it? Were they internal or external? How did they get in? What did they get? Depending on your organization’s level of sophistication in response to such incidents, a number of processes, controls, and workflows will be initiated and checked. Some...