Identity Management and Compliance Info Center
IDENTITY MANAGEMENT from SearchSecurity.com
CA steers DLP towards access, identity management
ARTICLE - Orchestria deal follows recent IAM acquisitions and takes a somewhat different tack from security vendors.
Survey: Security Pros Identify Priorities for 2008
FEATURE - Security professionals prioritize mobility and security, identity and access management, protecting data and intellectual property and vulnerability management.
Companies share identity management struggles
ARTICLE - While most firms are pleased with the results of their identity management implementation, they faced many initial hurdles.

DATA PRIVACY from SearchSecurity.com
IRS faulted for lax security controls, dangerous data risks
ARTICLE - An inspector general audit criticizes the IRS for deploying a customer data and account management system with known security flaws. The IRS tried to have the report suppressed.
Learning the language of global compliance
TIP - When a company expands its operations to other countries, what compliance issues confront a security manager?
PCI is about eliminating data, not securing it, former QSA says
ARTICLE - Former QSA turned Forrester analyst John Kindervag calls PCI a "communicable disease." Anything introduced to the network is in PCI scope if credit card systems aren't segmented.

AUDIT AND COMPLIANCE from SearchSecurity.com
E-discovery forces security organizations to prepare for eventual litigation
FEATURE - The updated Federal Rules of Civil Procedure elevates understanding of e-discovery requirements to a high priority.
GRC: Over-Hyped or Legit?
FEATURE - Governance, risk and compliance (GRC) is being used as a catch-all phrase for most information security strategies and tagged onto various products, adding even more confusion in the market as to what it truly means or ...
Mix of Frameworks and GRC Satisfy Compliance Overlaps
FEATURE - Three organizations reveal how they use a combination of frameworks such as COBIT or ISO 27001 along with GRC tools to satisfy overlapping industry and federal regulatory demands.

IDENTITY MANAGEMENT AND ACCESS CONTROL from SearchSecurity.com
Editor's Desk
FEATURE - FDIC for Identities
Amazing Access
FEATURE - Finding a comprehensive identity and access management architecture requires leadership to navigate the technology and implementation labyrinth.
Access Management
FEATURE - Vernier Networks' EdgeWall 7000 series

USER PROVISIONING from SearchSecurity.com
What kinds of security defenses can prevent the hijacking of a city's fiber network?
EXPERT RESPONSE - How do you prevent a network administrator from hijacking and preventing access to a city's fiber network? The answer is fairly low-tech, says network security expert Mike Chapple.
Deleting user accounts: How to manage users during a layoff
TIP - When budgets get cut across the enterprise, employees will probably get cut, too. So what's the best way to handle a large number of user account modifications or deletions?
BeyondTrust Privilege Manager 3.0 product review
FEATURE - BeyondTrust's Privilege Manager 3.0 addresses elevated user privileges through a Group Policy extension that allows organizations to control permissions for selected processes and applications.

DIRECTORY SERVICES from SearchSecurity.com
Product Review: Symark PowerADvantage 1.5
FEATURE - Symark's PowerADvantage allows Unix hosts to become member servers of an AD forest and leverage AD's centralized user management and authentication capabilities.
Product review: Identity Engines' Ignition Server
FEATURE - Identity Engines' Ignition Server manages access controls across disparate directory services platforms (Active Directory, LDAP, eDirectory) by consolidating them into a single user store.
What courses can improve fundamental knowledge of infrastructure systems (Active Directory, LDAP, etc.)?
EXPERT RESPONSE - When looking to brush up on knowledge of systems such as Active Directory, Exchange, LDAP and more, there are many educational opportunities, but which offer the most benefit? In this IAM expert response, learn how to choose ...

WEB ACCESS CONTROL from SearchSecurity.com
IBM USB banking device stops keyloggers, malware
NEWS - A new USB stick, developed by IBM researchers, sets up a secure banking connection bypassing computer software and drivers.
Creating a secure login page
EXPERT RESPONSE - How can you ensure your login page won't be vulnerable to SQL injection and other attacks? Application security expert Paul Holm explains how you can use SSL and encryption to fend off hackers.
Sun launches open source OpenSSO for identity management
ARTICLE - Sun integrates access management, federation and secure Web services in its new OpenSSO Enterprise

PASSWORD CRACKING from SearchSecurity.com
ID and password authentication: Keeping data safe with management and policies
TIP - Learn how to improve authentication and avoid password hacking with management policies that enforce password expiration, length and complexity requirements.
IBM USB banking device stops keyloggers, malware
NEWS - A new USB stick, developed by IBM researchers, sets up a secure banking connection bypassing computer software and drivers.
Is encryption only as good as an organization's password management and access control policies?
EXPERT RESPONSE - Is data encryption helpful if a system's root or admin account is hacked? Learn more about this identity and access management dilemma.

DATA SECURITY BREACH LAWS AND NOTIFICATION from SearchSecurity.com
Cybersecurity expert sees PCI DSS problems ahead for retailers
Q&A INTERVIEW - Some systems will have to be replaced over the next several years, costing big-box retailers millions of dollars to become compliant with PCI DSS.
PCI is about eliminating data, not securing it, former QSA says
ARTICLE - Former QSA turned Forrester analyst John Kindervag calls PCI a "communicable disease." Anything introduced to the network is in PCI scope if credit card systems aren't segmented.
Data breach discovery, disclosure outpaces 2007
ARTICLE - More data breaches have been reported so far this year than in all of 2007, according to a report released by a nonprofit group that works to prevent fraud.

PASSWORD MANAGEMENT from SearchSecurity.com
ID and password authentication: Keeping data safe with management and policies
TIP - Learn how to improve authentication and avoid password hacking with management policies that enforce password expiration, length and complexity requirements.
New Sun product illustrates identity management trend
ARTICLE - Sun's Identity Compliance Manager gives enterprises a starting point for more complex ID management projects, says analyst.
Sun launches open source OpenSSO for identity management
ARTICLE - Sun integrates access management, federation and secure Web services in its new OpenSSO Enterprise

FFIEC from SearchSecurity.com
Interview: FDIC director explains FFIEC standard
FEATURE - Michael L. Jackson, associate director of the FDIC, helped develop FFIEC, which aims to make online banking safer by forcing financial institutions to assess the risks in their environments and implement controls such as ...
IT security pros face challenge during economic crisis
Q&A INTERVIEW - In this Q&A, Steven Katz, a former CISO at Citigroup Inc., JP Morgan Chase & Co., and Merrill Lynch & Co., Inc., explains the role of IT security during mergers and acquisitions.
Understanding multifactor authentication features in IAM suites
TIP - In this tip, IAM luminary Joel Dubin explains why multifactor authentication is worth the effort and how to make it work well with IAM suites.

PASSWORD POLICY from SearchSecurity.com
Do strong passwords make it safer to conduct banking on an open connection?
EXPERT RESPONSE - Password strength actually has little to do with the security of your computer on a DSL network. Network expert Mike Chapple offers up the simple tips that will lock down your machines.
ID and password authentication: Keeping data safe with management and policies
TIP - Learn how to improve authentication and avoid password hacking with management policies that enforce password expiration, length and complexity requirements.
New Sun product illustrates identity management trend
ARTICLE - Sun's Identity Compliance Manager gives enterprises a starting point for more complex ID management projects, says analyst.

FISMA from SearchSecurity.com
FISMA compliance made easier with OpenFISMA
TIP - Scott Sidel examines the open source security tool OpenFISMA, a compliance tool that assists government agencies and their contractors in meeting FISMA's requirements.
What criteria should I look for in a service provider to help my government agency comply with FISMA?
EXPERT RESPONSE - In order to fully protect the agency's information, there must first be a security officer. Security management expert Mike Rothman gives his advice on the FISMA compliance process.
Learn from NIST: Best practices in security program management
TIP - Security management expert Mike Rothman offers advice on how certain NIST guidelines can help an organization highlight problems within its enterprise security program.

GRAMM-LEACH-BLILEY ACT (GLBA) from SearchSecurity.com
The road to compliance
POLL - Many firms fail to conduct a risk analysis before addressing compliance issues. Has your firm conducted a risk analysis? Take our poll.
IBM to boost security spending, push PCI DSS program
ARTICLE - IBM plans to invest $1.5 billion on security research in 2008. The company is also using recent acquisitions to introduce a PCI DSS program.
ISO 27001 could bridge the regulatory divide, expert says
Q&A INTERVIEW - Former Microsoft CISO Karen Worstell explains how ISO 27001 can help companies comply with a variety of regulations and standards.

BIOMETRICS from SearchSecurity.com
Exploring authentication methods: How to develop secure systems
LEARNING GUIDE - Discover authentication options and learn how to implement, maintain and secure methods of authentication, such as biometrics and smartcards to avoid breaches and protect data.
What are some good pre-boot biometric user authentication tools or strategies?
EXPERT RESPONSE - Thinking about implementing biometric fingerprint readers for authentication? Learn what to look for in user authentication tools and how to be sure they're compatible with the OS.
To what exactly would a request for biometric data from an insurance provider pertain?
EXPERT RESPONSE - Biometric data serves only to verify identity. Identity and access management expert Joel Dubin explains what an insurance company might want with biometric data.

HIPAA from SearchSecurity.com
Is a lack of employee privacy a HIPAA violation if the employee files Medicare claims?
EXPERT RESPONSE - Insufficient employee privacy for those who handle Medicare and Medicaid claims can result in a HIPAA violation. Learn how to keep this data safe and keep your organization compliant.
What's the best strategy to catch up on HIPAA compliance quickly?
EXPERT RESPONSE - Learn how to build a good compliance program for HIPAA in order to protect patient information and avoid fines and penalties.
Should health care software vendors have to comply with HIPAA?
FEATURE - Software used in health care is rife with vulnerabilities. It's time vendors shape up.

TOKENS AND SMART CARDS from SearchSecurity.com
Logical, physical security integration challenges
FEATURE - Integrating physical and IT security can reap considerable benefits for an organization, including enhanced efficiency and compliance plus improved security. But convergence isn't easy. Challenges include bringing the ...
Interview: CISO explains enterprise's access control policies
FEATURE - Access control and authentication isn't as simple as setting up user IDs and passwords.
Security token and smart card authentication
TIP - Get advice on how to mitigate data theft from hackers with security token and smart card authentication technology, smart card readers and software.

PCI DATA SECURITY STANDARD from SearchSecurity.com
PCI needs to address virtualization, experts say
ARTICLE - The standard for protecting cardholder data doesn't account for virtualized servers, which some say opens the door to audit problems
What are some best practices for handling a merger while getting our counterpart up to speed on PCI?
EXPERT RESPONSE - Learn how to make sure you and your partner are compliant with PCI DSS while you prepare for the merger process.