Headlines & Editorials
The latest news coverage on identity governance trends and technologies.
Forrester: Trust No One When It Comes to IT Security
According to a recent Forrester Research report, information security professionals must make security ubiquitous throughout the network, not just at the perimeter.
Network World | September 15, 2010
The Coming Inevitable Security Breach
There's general agreement that the nature of the security threats facing IT organizations has substantially changed as computing has evolved. So it's little wonder that a survey of 388 IT security professionals from Fortune 1000 companies finds that IT organizations are pretty pessimistic about defending against security breaches. Most tend to think it's only a matter of time before something bad happens.
ITBusinessEdge | September 9, 2010
A Tale of Three Breach Reports
A trio of reports came out on data breaches … When boiled down to the basics, each of these reports says the same thing: Expect a data breach to happen to your organization. Don't be surprised when it does happen; be ready; and have an incident response plan in hand to mop up when the incident does occur.
Bank Info Security | July 30, 2010
Identity Management Projects Require Proper Planning
Many organizations are launching identity management projects, and avoiding common pitfalls means taking certain steps up front before deployment begins.
eWeek | June 30, 2010
Identity and Access Management Tops IT Agenda for 2010
Identity and access management (IAM) is high on the to-do list this year for nearly two thirds of companies in the UK, France and Germany, according to a recent poll of IT security decision-makers by Forrester Research. Nearly 60 per cent cited improved security as the primary driver for adopting IAM, with the remaining two fifths roughly evenly split between improved service delivery, regulatory compliance, cost reductions, and governance.
Computing UK | May 17, 2010
Data Breaches in U.S. Cost More
The average cost to an organization of a data breach in the United States is higher than in four other countries where data-breach costs were compared, specifically Australia, France, Germany and the United Kingdom, according to a recent Ponemon Institute report.
Network World | April 28, 2010
Security Mergers and Acquisitions Strategy: Questions You Need to Ask
Every security industry merger and acquisition announcement leaves a lot of midmarket companies wondering, "What does this mean to my business?" To help you ultimately decide whether to stick with an acquiring company or look elsewhere, it's important to understand the motives behind the acquisition strategy, review the product road map and evaluate the quality of service and support. This SearchSecurity.com article reviews some essential security mergers-and-acquisitions questions.
SearchSecurity.com | March 29, 2010
Losing Sleep Over Three Data Breaches in a Year
Never mind three strikes and you're out. How about three strikes and I've got to ask myself if I even want to be in one of your hotels in the first place. The question arises after a third reported incident in 12 months involving the Wyndham Hotels chain. Granted, even the most security-conscious of companies can be victimized by hackers, but when you've had to cop to a third data breach in less than a year you'll have to forgive prospective customers for looking elsewhere for shelter. Or to pay in cash.
Computerworld | March 4, 2010
Poor Governance at the Heart of Poor Data Security, Says ICO
Information security, particularly in central government, is undoubtedly improving, but several common problems remain, says the Information Commissioner's Office (ICO). A lack of awareness of information security is chief among them, deputy information commissioner David Smith told the first annual Human Factors in Information Security Conference in London. Failure to put existing security policies into effect is another common failing, said Smith, showing that people remain one of the biggest challenges to getting information security right.
ComputerWeekly.com | February 23, 2010
How Identity Governance Solves the Compliance Challenges Left by Provisioning Technology
The identity management landscape is changing. The need for stronger auditing controls is giving rise to identity governance tools that are supplanting ID provisioning solutions as the centralized management layer for identity.
Network World | February 11, 2010
PCI Compliance: What It Is and Why It Matters (Q&A)
If you own a bank account or use credit cards, chances are you've heard the term "PCI compliant." But you probably don't know what it means. The term is heard more and more frequently these days as data breaches at merchants like TJX, parent of TJMaxx, and payment processors Heartland Payment Systems and RBS WorldPay land millions of card records in the hands of hackers. CNET asked Bob Russo, general manager of the PCI Security Standards Council, to explain what is being done to keep criminals from accessing consumer payment card data.
CNET | February 8, 2010
Gaining Some Access Control Maturity
There's a general lack of maturity these days in most companies when it comes to managing data. The lack of a set of formal data governance policies is usually at the heart of most security breaches, which inevitably leads to business executives looking for an IT scapegoat. But while IT people are responsible for managing the systems that hold the data, it's up to the business to put real polices in place to govern data. To that end, Kelly Bissell, a principal with the IT consulting firm Deloitte & Touche, says companies need to evaluate their data governance processes along an access control maturity model.
ITBusinessEdge | February 2, 2010
The Intersection of Business Intelligence and Identity Management: Identity Governance
The emergence of identity governance allows organizations to transform technical identity data from across the enterprise into business-friendly information that can be used to drive governance and compliance initiatives. This centralized visibility gives executive and business users the "intelligence" they need to define and enforce business policy, audit and report on the effectiveness of internal controls, and more effectively manage risk.
ITBusinessEdge | January 27, 2010
Data Breach Costs Top $200 Per Customer Record
The cost of a data breach increased last year to $204 per compromised customer record, according to the Ponemon Institute's annual study. The average total cost of a data breach rose from $6.65 million in 2008 to $6.75 million in 2009. Ponemon Institute based its estimates on data from 45 companies that publicly acknowledged a breach of sensitive customer data last year and were willing to discuss it.
Network World | January 25, 2010
Half a Million Pound Penalty Introduced for Personal Data Security Breaches by ICO
A £500,000 penalty has been introduced by the Information Commissioner's Office (ICO) for personal data security breaches. As revealed by SC Magazine last year, there are plans to increase the punishing powers of the ICO and an announcement revealed that it will be able to order organisations to pay up to £500,000 as a penalty for serious breaches of the Data Protection Act.
SC Magazine | January 13, 2010
Heartland Breach Shows Why Compliance is Not Enough
Nearly a year after Heartland Payment Systems Inc. disclosed what turned out to be the biggest breach involving payment card data, the incident remains a potent example of how compliance with industry standards is no guarantee of security.
Computerworld | January 6, 2010
"Layoffs Prompt Insider Threat Fears, Cybersecurity Survey Finds"
Results from a new survey suggest IT professionals must be constantly vigilant in watching for employee reprisals against company systems, thanks to the uncertain economy and, in some cases, multiple rounds of layoffs.
SearchSecurity.com | Nov 11, 2009
"Federal Data-protection Law Inches Forward"
A sweeping new bill that would implement a national standard for data protection and breach notification got a boost of support today from the Senate Judiciary Committee. The committee approved the Personal Data Privacy and Security Act of 2009 (S.1490) by a vote of 15-5. The bill is now headed to the full Senate for consideration. If it becomes law, the bill, which was introduced by Sen. Patrick Leahy (D-Vt.), would require companies and government agencies to follow specific rules for protecting sensitive and personally identifiable data.
Computerworld | Nov 5, 2009
"Why CIOs Need to Get Real About Identity and Access Management in 2010"
Economic, demographic and technology forces are not only reshaping how businesses must deal with identity and access management but also ushering in a new crop of identity service providers, according to Bob Blakley, director of research of the privacy and security group at Midvale, Utah-based Burton Group Inc. Indeed, Burton predicts 2009 and 2010 will prove to be "watershed years" in the identity and privacy market, as companies look beyond traditional IAM software to a network of service providers that can address their changing needs.
TechTarget | Oct 15, 2009
"Survey: Most Organizations Struggling to Secure Data"
Hampered with issues such as lack of CEO support and budgetary resources, organizations are struggling to secure sensitive data and the majority have experienced a breach, according to a survey released Wednesday by the Ponemon Institute. The survey of 517 U.S. and multinational IT security practitioners who are involved in their company's efforts to comply with the Payment Card Industry (PCI) Data Security Standard (DSS), found that 71 percent of respondents believe their organization does not view data security as a strategic initiative across the enterprise.
SC Magazine | Sept 23, 2009
"Centralizing Governance, Risk Management and Compliance"
It seems like an inordinate amount of time is spent assessing potential risks these days rather than working on things that add actual value to the business. One of the reasons for this is that a lot of companies have not adopted a centralized approach to managing governance, risk management and compliance (GRC). Instead, they take on each individual GRC task separately, even though that task may be redundant because it was already dealt with when the organization complied with some previous requirement.
ITBusinessEdge | Sept 22, 2009
"Biggest Breaches of 2009"
There have been 356 data breaches so far in 2009, according to the Identity Theft Resource Center (ITRC). And 46 of those breaches have involved financial institutions - up from 34 at this same time last year.
BankInfoSecurity | Aug 28, 2009
"External Attacks Start With Unintentional Mistakes, Survey Finds"
The four walls around a company's data servers are continuing to erode as end users are finding it increasingly easier to use Web-based tools and bring their work home and on the road. The latest survey finds that companies are more concerned than ever about unintentional employee errors that can lead to data leakage. The IDC survey, which is of 400 high-level managers in the United States, the United Kingdom, France and Germany, was sponsored by EMC's RSA security division. It found that 52% characterized their incidents arising from insider threats as predominantly accidental. The problem is on the rise as a result of companies using contractors and third-party partners to do business.
SearchSecurity.com | Aug 25, 2009
"Quick Wins in Identity Management"
In order to get projects approved during this economic downturn, many IT directors have to demonstrate an almost immediate return on investment. The good news is that there are some pockets of low hanging fruit in identity management that have a very immediate ROI. But keep in mind the old wisdom of "think big -- start small -- grow big". Ideally your quick wins should lead to a broader, transformative strategy to deliver more value.
Computerworld | Aug 12, 2009
"CEOs Underestimate Security Risks, Survey Finds"
Compared to other key corporate executives, CEOs appear to underestimate the IT security risks faced by their own organizations, according to a survey of C-level executives released today by the Ponemon Institute.
Computerworld | July 15, 2009
"The Problems and Benefits of Identity and Access Management"
Identity and access management (IAM) is arguably the broadest issue in IT security. There are few other single concepts that impact as widely on so many areas as that of managing identity in an enterprise business context. From enabling employees to access the internal resources they need to fulfil business aims, through companies outsourcing functionality and hardware to consumers seeking to bank, trade or buy goods remotely, all are dependent on secure, reliable identity and access management.
SC Magazine | June 30, 2009
"Developing a GRC Strategic Plan"
Governance, Risk, and Compliance can be confusing to understand in their individual capacities - bring them together as GRC and it can be even more confounding. GRC is more than a catchy acronym used by technology providers and consultants to market their solutions - it is a philosophy of business.
Corporate Integrity Blog | June 1, 2009
"Best Practices: How to Implement and Maintain Enterprise User Roles"
Enterprise role management is key in efficiently managing user access rights and enforcing access policies such as segregation of duties. Roles help companies group coarse- and fine-grained access rights (like access to and functionality within a financial accounts application) into groups, called enterprise roles.
SearchSecurity.com | May 12, 2009
"In-house Fraud Cases Surge"
Fraud committed against companies by their own employees has surged this year, new data suggest, providing fresh evidence that the recession is fuelling a rise in crime.
Financial Times | May 10, 2009
"Can You No Longer Avoid Closely Monitoring Employees?"
The insider threat has always existed, but in an era of economic upheaval and uncertainty, the problem is only magnified. That point came across in a recent Ponemon Institute survey of 945 individuals who were laid off, fired or quit their jobs during the last year, with 59% admitting to stealing company data and 67% using their former company's confidential information to leverage a new job.
NetworkWorld | April 27, 2009
"Governance, risk management and compliance: Putting it together"
Governance, risk management and compliance (GRC) planning is still a new concept, but already it has gotten a bit of a bad rap. Mainly, it's been called too vague and, now, frequently gets overused by vendors hocking their wares – whether these solutions directly are related to GRC or not.
SC Magazine | March 5, 2009
"Government Security News: Responses to Risky Realities in Government IT"
You might not recognize the names Joseph Thomas Colon or Claude Carpenter off the top of your head, but there were people at the FBI and the IRS who knew them before both men allegedly broke into government IT systems between 2001 and 2004. The people who knew the two men best probably also knew when they crossed the line from average employee/contractor to potential security risk. Owing largely to the two agencies' inability to protect critical systems and data adequately from their own internal staff, they became victims of a severe security breach and sabotage.
Government Security News | February 24, 2009
"Deloitte: Firms Lack Confidence They Can Deter Internal Attacks"
Human error is the leading cause for IT system breaches, and most corporate security officials do not feel confident they can protect their organizations from internal cyberattacks, according to Deloitte Touche Tohmatsu's annual survey. In all, the survey, released Wednesday, found that the global recession is putting information at great risk for these companies.
SC Magazine | February 05, 2009
"Data Breaches Cost More Than Money"
A study by the Ponemon Institute found the average cost of data breaches - from detection to notification to lost business – is rising. The No. 1 cost to companies is lost business, which now accounts for 69 percent of total costs.
eWeek | February 2, 2009
"Shell fingers IT contractor in theft of employee data"
Oil company says outside IT worker used info from database to file fake unemployment claims.
Computerworld | October 10, 2008
"Data Breaches Reach Record High"
First, the bad news: data breaches continue unabated at U.S. corporations, governments and universities, already surpassing last year's record 446 breaches, according to the ITRC (Identity Theft Resource Center). Through the end of September, the total number of data breaches recorded by the ITRC was 516, averaging 57 breaches a month.
eWeek | October 7, 2008
"How secure is secure enough?"
If there is a Holy Grail in the information security industry, it surely is the answer to the question, "How secure is secure enough?" It's a question that many security managers have either avoided answering altogether or tried to quickly sidestep by throwing a fistful of mainly pointless operational metrics at anyone who cared to ask.
Computerworld | July 28, 2008
"Why are security pros dealing with compliance?"
The dawn of the age of IT compliance has had any number of consequences for IT staffs in general, and security teams specifically. Now, instead of simply worrying about whether the network is running properly and the good guys can get in and the bad guys can't, security specialists have to consider how every modification, deployment and installation they make might affect the company's compliance with PCI DSS, Sarbanes-Oxley or HIPAA.
SearchSecurity.com | July 17, 2008
"Rotting at the Core"
Forget Ukrainian hackers. A bigger threat to your company's data security may be sitting in one of its cubicles. In the first half of 2008, the fraction of data breach incidents caused by employees stealing information more than doubled compared to last year, according to a report released Monday by the Identity Theft Resource Center.
Forbes.com | June 30, 2008
"2008 Security Survey: We're Spending More, But Data's No Safer Than Last Year"
In the face of growing demand to target security investments based on risk management principles – a domain foreign to many CIOs and infosec practitioners – there's wisdom to be garnered from our peers.
InformationWeek | June 28, 2008
"GRC and IAM – You can't separate it"
Today it is not necessary to buy the IAM and the GRC products from the same vendor, especially because the GRC solutions are in their early stage. And due to the fact that IAM tools always will focus more on the IT level whilst GRC focuses on the business level I'm not sure whether they shall be really integrated. But one thing is sure: You will need both levels of tools to fully support the business requirements which are driving IAM today.
Kuppinger Cole's Blog | June 6, 2008
For more articles, visit the Headlines & Editorials Archive »
