Identity Management

Who are you and what are you doing here?

Who are you and what are you doing here?

By

This month, we are tackling identity management, network access control (NAC) and data leak prevention (DLP).

Apple buys AuthenTec to beef up iPhone security

By

In a rare acquisition, Apple has acquired Melbourne, Fla.-based mobile and network security firm AuthenTec for $356 million.

On creating an IAM governance body

On creating an IAM governance body

Identity and access management programs are quite tricky to scale across an organization, but implementing a governance team can go a long way to effectively using the technology to meet compliance and manage user permissions.

Best Identity Management & Best Intrusion Detection/Prevention

By

Throughout the day, SC Magazine will be announcing the finalists from each of its 32 award categories, covering the Reader Trust, Professional and Excellence sections.

Mac OS X Lion flaw allows illicit password changes

By

An Apple operating system flaw could allow any user to obtain stored password hash data through an openly readable directory.

Facebook announces two-factor authentication

By

Facebook is rolling out two-factor authentication to fight against the possibility of unauthorized account access.

Wind power company disputes alleged SCADA hack

By

A major U.S. energy supplier has found no evidence of breach despite claims by a former employee that he hacked into the company's New Mexico wind turbine facility as revenge for being fired.

White House finalizes online identity strategy

By

The Obama administration released the final version of its National Strategy for Trusted Identities in Cyberspace, the goal of which is to create a so-called identity ecosystem where online transactions are more trustworthy.

Former Gucci insider charged with hacking network

By

A former network engineer at Gucci has been charged with hacking into the company's network, deleting data and shutting down servers and networks.

ETSI releases identity management specifications

By

The European Telecommunications Standards Institute (ETSI), a nonprofit that produces standards for information and communications technologies, has completed a set of identity management specifications which outline how users can safely gain authorized access to data and services. The free specifications, which are aimed at network operators, internet service providers and systems designers, address access control issues related to third-parties and cloud environments. The specifications were created by ETSI's identity and access management for networks and services group, whose members include Nokia Siemens Networks, Alcatel Lucent, the University of Patras in Greece, and the University of Murcia in Spain.

The domino effect of Gawker's poor password practices

The domino effect of Gawker's poor password practices

Poor authentication standards encourage bad passwords and enable the data breach at Gawker to harm security across the web.

CA continues cloud buying spree with $200 mil Arcot buy

CA continues cloud buying spree with $200 mil Arcot buy

By

Continuing its cloud computing buying spree, IT management software provider CA Technologies announced Monday that it plans to acquire authentication solutions provider Arcot for $200 million.

Leveraging identity analytics to achieve identity governance

Leveraging identity analytics to achieve identity governance

A successful identity governance strategy requires a combination of transparency, analytics, automation and risk mitigation.

Opinions mixed about White House's online identity plan

By

Critics of the White House's proposed national internet identity authentication plan, intended to improve online privacy and security, say the strategy may do just the opposite. Proponents, meanwhile, believe it represents a major step toward establishing online trust.

Why user provisioning matters

Why user provisioning matters

All it takes is a single employee or partner with improper access to bring an organization's network to its knees.

Security budgets stable or increasing at financial firms

By

Drivers such as compliance and insider threats are helping to keep information security budgets at financial institutions alive and well, according to a new study.

RSA Conference: Microsoft's Charney suggests quarantining botted PCs

By

Scott Charney, Microsoft's corporate vice president for trustworthy computing, addressed measures that can be taken to eliminate the widespread botnet scourge.

Security spending, DLP projects to increase

By

Information security budgets will get a boost at many organizations in 2010, according to a study released Tuesday by IT research company TheInfoPro. The study, based on interviews of 259 security decision makers at Fortune 1000 and mid-size organizations, found that 40 percent of enterprises are planning to increase their 2010 security budgets. Data leakage prevention topped the list of projects planned for 2010, followed by identity management and compliance initiatives. — AM

New Hampshire bill would ban biometrics in ID cards

By

A bill under consideration in the New Hampshire Legislature, which would prohibit any government agency or private entity from using biometrics in ID cards, is pitting privacy against security.

PGP buys Chosen Security for trusted ID management

By

PGP announced Tuesday that it has acquired TC TrustCenter and its U.S.-based parent, Chosen Security to extend its encryption capabilities to third-party applications and transactions. The deal enables PGP to now offer an "on-demand platform for managing trusted identities used for encryption, authentication and secure collaboration." The new division will be led by Rajiv Dholakia, the previous vice president of corporate development and strategy for PGP. Terms of the deal were not disclosed. — DK

House panel OKs law addressing cyberstandards

By

A draft bill approved Wednesday by a U.S. House subcommittee would require the National Institute of Standards and Technology to coordinate government in the development of cybersecurity standards, a move to make the creation process more streamlined.

Microsoft acknowledges Windows Live ID breach

By

Microsoft confirmed Monday that the credentials of thousands of Microsoft Windows Live ID accounts were posted online late last week.

Identity theft ring busted in New York

By

Using financial information purchased from crooked bank insiders, a ring of thieves stole millions of dollars.

Process over trust: Will we ever learn?

Process over trust: Will we ever learn?

To give businesses greater confidence in privilege management, we must define, implement, monitor and enforce processes for delegating administrative access.

FTC site helps meeting "Red Flags Rule"

By

The FTC has established a how-to guide for coping with new requirements aimed at deterring identity theft.

Insider data theft exacerbated by economic crisis

By

The majority of individuals laid off, fired or changing jobs in the last 12 months stole data from their former employer, according to a new survey from the Ponemon Institute and Symantec.

Annual study reveals cost of a data breach keeps climbing

By

The cost of a data breach rose to a new record in 2008, according to the fourth annual Ponemon Institute study.

NIST releases draft guidelines for data protection

By

NIST this month released draft recommendations that federal agencies -- and their contractors -- should follow to protect the confidentially of personally identifiable information.

CA makes DLP play with acquisition of Orchestria

By

CA is the latest heavy hitter to acquire a data-loss prevention provider.

FTC: Reduce data theft by regulating Social Security numbers

By

The Federal Trade Commission says limiting the use of Social Security numbers will help diminish occurrences of identity theft.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US