SC Magazine, October 2002
Part One: Sound ROI with security benefits
Do you always know who is accessing your company's systems? Illena
Armstrong examines how you can guard your doors
"All of the vulnerabilities that arise
from poor administration, whether they relate to access management or
application management, generally create two categories of threats -
external vulnerabilities and internal vulnerabilities," he [Adrian
Viego, CTO, Business Layers] says. "The external threats are easy to
classify, but internal threats are significantly more serious. Beyond
weak account credential policies, it is not uncommon that many companies
issue their users significantly more privileges than they actually
require to perform their duties."...
As organizations increasingly expose their internal infrastructure to
web, wireless and other access mechanisms, their ability to protect that
infrastructure with a perimeter defense system declines significantly.
"This blurring of internal and external users causes the
access-management problem to grow exponentially," says Gabriel Waters,
director of security strategy with Novell. "For example, in the
traditional model where they must manage the number of users times the
number of applications, the problem is relatively linear. However, they
now face multiple access devices, times the types of users, times the
number of applications, hence the exponential problem. Adding to this
problem is the fact that many of these systems will have their own
identity store/user database, their own policy around which users can
access them and their own administrator."...
Part Two: Authorizing your users
Richard Mackey investigates whether secure and simple ways of
authorizing users are currently feasible
While knowing who is gaining access to
your network is absolutely necessary, it is far from sufficient. Once
authenticated, making sure that each user is only allowed access to the
appropriate files, applications or services, is often the missing link.
This is where authorization by consistently managing fine-grain
access to resources comes into play.