HNS MAIN FEED
Thursday, 18:48 EDT
- Android wallpaper app stealing user data and sending it to China
- Black Hat USA 2010: A recession proof conference?
- Apple improves App Store security
- ATMs hacked and spitting up money at Black Hat
- Trojan masquerades as iPhone jailbreaking software
- Authentication management platform for any and every authentication factor
- Google has two times more malware than Bing, Yahoo! and Twitter combined
- New assurance mark of software application security
- Sourcefire's open source framework for deep threat inspection
- 100 million Facebook pages published on torrent site
- Cell-phone call interception demonstration at Defcon might not be a sure thing
- Critical ToolTalk Database Server Parser vulnerability discovered
An IT Manager’s Guide to Provisioning and Identity Management
Provisioning is the job of ensuring that, at all times during their career with an employer, staff have all of the necessary access privileges, equipment and other IT resources that they need in order to do their job. Managing this accurately and efficiently within budget and on time can be extremely difficult. Thankfully, software solutions are available which can help greatly.
Companies often like to describe their employees as the organisation’s greatest asset. But many companies fail to realize just how much of an asset their staff really are, because they fail to adequately control the property that is entrusted to employees. Property which, all too often, gets lost or misappropriated during the employee’s time with the company and which is frequently not accounted for when the staff member leaves the company or changes jobs.
Picture the all-too-common scene. You appoint a new marketing manager. He’ll need a password for the central network and for external internet access through the firewall. He’ll also need a VPN password to access the system from home, and permissions for various internal databases, external subscription-based research sites and up-to-date stock price systems, and the main intranet. He’ll need a laptop and a desktop PC, and a collection of software. He’ll probably be entitled to a car too, and possibly membership of the corporate gym or sports club. Then there’s his PDA and mobile phone, USB memory stick, and perhaps a calling card so he can use foreign payphones to call home. Not to mention a key to his office and perhaps another for the front door of the building, and the code number for the alarm.
Arranging all of these items is known as provisioning. Getting everything in place for a new staff member is difficult enough, but even trickier is keeping track of those assets once they have been granted, and revoking when someone leaves the company or changes their role. Which is why many companies simply don’t bother, and therefore rarely find out that an asset is being misused or is simply lost until it’s too late.
Types of Misuse
Misuse of corporate assets takes many forms. All are irritating, some are merely inconvenient, yet a few can be seriously dangerous to the survival of the company or its reputation.
Among those in the merely inconvenient class might be a former employee entering his previous place of work at lunch time and obtaining cheap food because someone forgot to relieve him of his card when he left the job. A more dangerous action might be someone who obtains access to his previous employer’s computer system because the personnel department neglected to realize that he had 2 different accounts and only one of them was disabled upon his resignation. Or perhaps an employee who, on leaving, handed back his keys to the front door of the building but failed to remind the company that he also had a key to the warehouse round the corner.
1 | 2 | 3 | 4 | Next page >>
- A closer look at Panda Cloud Antivirus Free Edition
- Q&A: Strong authentication
- Secure by design
- Q&A: Sandbox for Adobe Reader
- Can you trust a product that doesn't have the right certification?
