In the wake of the NSA leak by former systems administrator Edward Snowden, how can organizations limit the amount of data access offered to those managing IT systems? Former CIA CISO Robert Bigman explains.
Having the right log and access management tools in place - and not all tools are used by all agencies at all times - doesn't mean that the proper authorities are alerted in a timely manner to activities that could jeopardize the nation's security.
Collecting massive amounts of data on individuals, whether in the government or private sector, has become the norm in our society. It's not quite Orwellian, but it's a situation we might have to learn to live with.
Beyond mobile device and data security, what are the ID and access challenges facing security leaders - and how are cutting-edge organizations tackling them? CSOs Elayne Starkey and Malcolm Harkins share tips.
Business line managers are in better positions to control and monitor network and system access privileges than IT departments, since they know their employees and the privileges they should be provided, says Bill Evans of Dell Software.
Because managing identities is a global problem, it requires a global solution, says Paul Simmonds of the Jericho Forum. A new organization has been established to address global identity. Simmonds offers insight.
National Institute of Standards and Technology's Jeremy Grant says the government will fund pilot projects to accelerate progress toward the creation of improved, interoperable systems for secure, privacy-enhancing trusted online credentials.
Banking institutions have spent the last two years enhancing authentication to conform to regulatory mandates. Organizations in other sectors can learn important authentication lessons from the banking industry.
Kathryn Marchesini, a privacy adviser at the Office of the National Coordinator for Health IT, outlines the three most important steps healthcare organizations should take to avoid breaches of information on mobile devices.
The answer seems obvious, especially in the context of IT security and information risk. Yet, is it, especially when developing codes and standards, as well as funding research and development initiatives that involve taxpayer money?