Countering Cyber Terrorism
by Tim Dunn - Identity Management Business Unit at BMC Software - Monday, 20 March 2006.
There are a number of steps to consider (on the assumption complacency has been put to one side!). First of all, the CIO or other senior executive in the organisation must ask themselves some very straightforward questions: who are our users? What do they have access to? Who approves this access? And what do they do with their access right? If they have all the answers to these questions, they’re in great shape—and one of the few organisations that can claim to be totally secure.

If, on the other hand, there are more questions than answers to these questions—the senior executive must urgently be tasked with implementing a best practice identity and access management strategy. This can be achieved in three stages. First, to standardise administration of users, authoritative sources of identity information are identified and connected to the access management, user management and provisioning processes. In stage two, policy-based automation of approval processes and user self-service for requesting password changes, access privileges, and directory information updates enhance the user experience and enforce security policy. And, in stage three, monitoring actual user behaviour in the context of security policy and business controls is efficient and consistent when based on a set of automated, integrated identity management processes.

The fundamental fact remains that the risk of passwords being compromised is becoming greater and greater, because it's becoming easier to download tools that will crack them. And industry is not doing enough to tackle the issue. The centralised management of identities and access privileges enables the policy-based management of enterprise identities and their corresponding access privileges, and it strengthens the organisation’s ability to establish, monitor, and validate access policies. Start now—before it’s too late.

Spotlight

Fake "Online Ebola Alert Tool" delivers Trojan

Posted on 29 October 2014.  |  Cyber scammers continue to take advantage of the fear and apprehension surrounding the proliferation of the Ebola virus.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //