Information Security Articles


Apr 30 2014

Free Can Make You Bleed

By now anyone concerned with internet security has heard about the Heartbleed security vulnerability in OpenSSL. What you may not be aware of is how much money and personal information is riding on this “free” security program and others like it (OpenSSH). Free is not usually a bad thing, but it can be when it causes the software your business depends on to be under-resourced…


Apr 27 2014

Privileged Users – Not Malicious But Still a Threat

One of the challenges security architects face is finding the right balance between security and end-user convenience. This conflict is typified by the example of password policies. A policy that is too stringent drives users to write down their passwords on sticky notes (thus defeating the security objective), and a policy that is too weak leaves passwords exposed to cracking…


Mar 18 2014

People Centered Security: Themes from The Gartner IAM Summit

Growing up, we get a lot of conflicting advice. We are told “look before you leap” but also “nothing ventured, nothing gained”. The book of clichés is littered with other examples. The world of Identity and Access Management is similarly conflicted. On the one hand, IAM should be transparent to the user and simple to administer. On the other hand, IAM must enforce the principle of least privilege. These goals are mutually exclusive. Why? It is just too complex to define specifically the fine-grained access each user needs in order to perform their job and manage that access over time in a dynamic work environment. The result is too many job roles, too many exceptions and ultimately weaker, not stronger…
