Countering Cyber Terrorism
by Tim Dunn - Identity Management Business Unit at BMC Software - Monday, 20 March 2006.
So what is the solution? To effectively combat the very real threat of cyber terrorism in the business community, each and every organisation needs to adopt a centralised, best practice approach to the way identities and access privileges are managed: in other words, the proactive, real-time monitoring of every aspect of user authentication. It represents good governance. For example, when a new finance employee joins the organisation, they should be denied access privileges to both the creation and payment of invoices. There should be an enforcement policy in place which means they need to seek approval before this privilege is granted.

There are a number of steps to consider (on the assumption that complacency has been put to one side!). First of all, the CIO or other senior executive in the organisation must ask themselves some very straightforward questions: Who are our users? What do they have access to? Who approves this access? And what do they do with their access rights? If they have all the answers to these questions, they're in great shape, and one of the few organisations that can claim to be totally secure.


If, on the other hand, there are more questions than answers, the senior executive must urgently be tasked with implementing a best practice identity and access management strategy. This can be achieved in three stages. First, to standardise administration of users, authoritative sources of identity information are identified and connected to the access management, user management and provisioning processes. In stage two, policy-based automation of approval processes and user self-service for requesting password changes, access privileges, and directory information updates enhance the user experience and enforce security policy. And, in stage three, monitoring actual user behaviour in the context of security policy and business controls is efficient and consistent when based on a set of automated, integrated identity management processes.

The fundamental fact remains that the risk of passwords being compromised is becoming greater and greater, because it's becoming easier to download tools that will crack them. And industry is not doing enough to tackle the issue. The centralised management of identities and access privileges enables the policy-based management of enterprise identities and their corresponding access privileges, and it strengthens the organisation’s ability to establish, monitor, and validate access policies. Start now—before it’s too late.

COPYRIGHT 1998-2013 BY HELP NET SECURITY.