市場觀點

Achieving Auditable Compliance with NERC CIP Reliability Standards

Beginning in 2010, energy producers and distributors face a looming challenge – to become “auditably compliant” with the Critical Infrastructure Protection (CIP) standards by the July 1, 2010 deadline. Developed by NERC, an independent, not-for-profit organization whose mission is to ensure the reliability of the bulk power system in North […]

Market Pulse Survey: Divide Between Business and IT Persists

We recently conducted our third Market Pulse Survey, which focused on the key drivers of access certifications and how organizations ensure their access privileges align with business policy. According to the 150 respondents, including many readers of this blog, there is clear evidence business users involved in these processes don’t […]

U.S. Data Security Laws: Is There Another SOX in your Future?

A recent Forbes feature, “The Year of the Mega Breach,” caught my attention last week. It includes a slideshow of 2009’s largest security breaches, and concludes that this year alone, more personal information was exposed through data breaches than ever before. The article appeared amid news about a T-Mobile data […]

Counting Down to the New Model Audit Rule

In less than three months, the new Model Audit Rule (MAR) will go into effect. Beginning January 1st, many non-public insurers will for the first time be required to comply with more stringent regulatory provisions, and public insurers that are already subject to SOX will be subject to additional reporting […]

Tales from the Trenches: Identity Governance Best Practices

In SailPoint’s recent issue of NAVIGATE, Kevin shares identity governance best practices based on his discussions with SailPoint customers: It’s important to take a step back from your identity governance initiatives to make sure you’re addressing security and compliance challenges in tandem. It not only makes your approach more efficient, […]

A Guide to Getting Started with Identity Governance

While identity governance is beginning to get more mainstream attention, companies are still struggling to understand what features and functionality fall under the identity governance umbrella. In last week’s Computer Technology Review, Jackie contributed an article, “Gaining Visibility and Control with Identity Governance: A Guide to Getting Started,” in an […]

Mitigating the Risk of Privileged Users and Accounts

The security risk posed by insiders is growing in magnitude. What’s at stake? Brand reputation, customer and shareholder confidence, even market capitalization. Companies can address many aspects of this business risk through proactive monitoring and controls, but addressing the risk of privileged “super” users and privileged accounts has remained a […]

All’s Fair in Security?

I read an interesting piece in InfoWorld by Roger Grimes, “A Sweet Solution to the Insider Threat.” The premise of Grimes’ article is that companies should use computer decoys, or “honeypots,” to catch workers attempting to login to resources they have no business reason for accessing. Honeypots by their very […]

Getting Real about Transparency: What You Can’t See May Bite You

In SailPoint’s second Market Pulse Survey (announced yesterday), we asked Global 2000 companies about how they are managing IT risk given the economic downturn and resulting corporate churn. Not surprisingly, given the recessionary budgets and resource allocations these companies are facing, the survey showed that companies remain very exposed to […]

Steak Dinner for Your Data?

I’ve been at the RSA Conference all week, so I just noticed an intriguing news item from The Register on Monday. The article details survey results from an unnamed security vendor, concluding that one-third of workers are open to bribes for data theft. It’s beyond the scope of this blog […]