Developing a single account username convention that meets all your organization's requirements and will work for both current and future users? Well, that's easier said than done—much easier said than done.
Is your organization using more than one account username convention for your different systems and applications? If so, your organization isn’t alone. Since there is no one-size-fits-all naming convention, creating a single, enterprise-wide account username convention is easier said than done. However, using the right methodology, it is not only possible to create an enterprise-wide account username convention, but one that is an optimal fit for your organization.
Another year, another Verizon Data Breach Investigations Report (DBIR), another depressing look into the state of global cybersecurity preparedness.
The term shadow IT conjures up images of a malevolent, invisible force that poses a threat to security policies. Sounds scary, right? While shadow IT does have the ability to create a bottleneck, it tends to occur in the most benign of situations.
At this stage in your efforts toward modernizing your company’s information security program, it’s time to move beyond education and dialogue into more concrete action. By following these seven steps, you can pave the way toward a more secure future for your organization.
In the first installment of our series on security and the CEO, we discussed the dangerous disconnect between the rosy view of security held by the C-suite and the much grimmer reality seen in the trenches of IT. Today, we’re going to talk about the consequences of executive overconfidence in your information security program.
When organizations start or plan to start a new IAM initiative, one of the first steps they take is some form of requirements gathering. The idea is that the requirements represent the functional and nonfunctional (IAM) needs of an organization. Then, typically through some form of procurement, the organization attempts to find a solution/service/product(s) that best aligns with those requirements.
The goal of achieving compliance is to make sure that an organization is meeting minimum standards to protect sensitive data. In order to be compliant, a business needs only to meet the outlined requirements.
However, this does not mean that its systems and data are secure. Unfortunately, there are companies that treat compliance merely as a checkbox. Even when the minimum standards are met, data and accounts with elevated access are still vulnerable. Instead, achieving compliance should be viewed as the by-product of sound security practices. This starts with protecting the attacker’s most sought-after prize: privileged accounts with elevated access across the network.