Access Control includes authentication, authorization and audit. It also includes additional measures such as physical devices, including biometric scans and metal locks, hidden paths, digital signatures, encryption, social barriers, and monitoring by humans and automated systems. Authorization may be implemented using role based access control, access control lists or a policy language such as XACML.
Information technology (IT) security is indispensable to an organization's ability to conduct business and achieve its objectives. Security requirements affect almost every business process and system, and successful security measures help protect a business’ brand value, stakeholder confidence, risk management strategies, and compliance status. Requirements vary among industries, geographies, and regions, but the need to protect privacy, retain important data, and facilitate e-discovery are common to all. This paper provides an overview of the regulatory landscape and identifies steps to take for defining a flexible compliance strategy. Download Now
With one new infected webpage discovered every 4.5 seconds, there is no longer any such thing as a "trusted website". As the internet becomes an increasingly mission-critical tool, new media such as blogs and social networking sites are a necessary part of business. This paper describes today's new web threats, highlights the need for a positive security model to replace yesterday's access-blocking approach, and describes the three pillars of protection organizations need to safeguard their systems and resources. Download Now
Learn about the financial institution safeguards included in the Gramm-Leach-Bliley Act (GLBA) and how your organization can institute an orderly set of compliance steps using an automated configuration audit and control solution. Download Now
Since the adoption of SOX, much has been learned about IT compliance. Discover how to make SOX efforts more effective in "Sustaining Sox Compliance." Download Now
This white paper explores insider attacks and insider risk, and shows how to control them by controlling and monitoring access. The paper describes the more common vulnerabilities exploited by insider attacks and a method for assessing insider risk. Download Now
Looking for a network security solution? Whether you've already adopted NAC for your enterprise or are researching options, download this helpful survey presented by IDC about NAC benefits and vendor overviews. Download Now
Learn how delegating administrative privileges can aid in improving administrative productivity, system availability and security, while satisfying the demands of auditors. Read this new white paper from NetIQ today. Download Now
Learn how to meet regulatory requirements for system change and user activity monitoring with NetIQ Change Guardian for Windows, without the need for performance-hindering native auditing.
While 802.1X has a growing presence, it's still immature and may not provide all the policy enforcement features commonly required in most organizations. This white paper focuses on the 802.1X standard for authentication and access control and how it compares to the Nevis approach for LAN security.
Companies are yearning for a solution to guard their network from security risks such as external or untrusted users, and unmanaged endpoints on their internal LAN. NAC technology works well, but a strategic solution is required to fully address the problem of the dissolving network perimeter.
Learn why organizations need to limit IT administrator power to ensure operational integrity and assure compliance and how to implement robust change control processes and tools with this white paper. Download Now
When the U.S. Congress passed the Health Insurance Portability and Accountability Act (HIPAA) of 1996, among the law's many provisions was the establishment of formal regulations designed to protect the confidentiality and security of patient information. In addition to mandating new policies and procedures, the HIPAA security regulations require mechanisms for controlling access to patient data on healthcare providers' information technology (IT) systems. Download Now
More than ever, SMBs need to focus on security as part of their IT infrastructure, building around it rather than considering it as an afterthought. This has become even more critical over the past few years as many businesses have unwittingly lost their customers’ personal data due to security breaches, and as states and countries have responded by enacting laws to force the businesses to implement additional levels of protection. Download Now
High-privilege administrative accounts hold the keys to the most sensitive IT functions and resources - yet this level of access is far too often based on little more than trust alone. Enterprise Management Associates (EMA) examines this critical issue in IT security administration to help businesses move from a trust-based system to a secure, auditable process. Download Now
Drawing the line between employee web usage and company policy is challenging for IT Managers. Download this whitepaper to help make informed decisions about your own web monitoring requirements FREE Whitepaper (PDF/40KB)
Organizations today are focused on controlling access to and protecting their structured data, i.e. information held within their databases. This only represents approximately 10% of their data security risk, the remaining 90% being Unstructured Data. Unstructured Data, single files, stored in insurmountable quantities within the organization, is growing exponentially and the onus is on the Business to have visibility and control of its Access, Usage and Storage. Download Now
At the end of an academic year, many thousands of students may permanently leave a school or university system. Once these users graduate, discontinue their education, or perhaps simply move away, IT administrators are left with a huge number of accounts that must be marked as inactive and then dealt with according to system policies. Download Now
Password practices that improve security are by their nature burdensome to the user, resulting in passwords difficult to remember which are often changed about the same time they have finally become memorized. Yet password security remains a cornerstone of system security: as much as 80% of security breaches take place not through arcane hacking and virus attacks, but through system infiltration facilitated by use of a password. Download Now
Windows’ newest technology, the User Account Control, found in the Vista operating system has been erroneously called an additional level of security by many computer security professionals. Instead, in the hope to reduce the incidence of malware, unauthorized software installation, and unintentional system changes the User Account Control separates standard user tasks from requiring administrator level password access.
Applying structured data management principles to a firm’s content is a means to derive business advantage from unstructured corporate content. This ESG report highlights the key business and technology objectives of archiving stakeholders across the organization as well as the requirements for delivering a content archiving strategy and infrastructure. Download Now
2008 brings with it new challenges and issues that network and systems administrators should be aware of, particularly vulnerabilities brought on by users. This white paper examines the top concerns which network security professionals should be prepared to face in 2008, and how they can be mitigated. Download Now
Identity and Access Management (IAM) is a core element of any sound security program. But IAM is also difficult to implement because it touches virtually every end user, numerous business processes as well as every IT application and infrastructure component. As such, successful projects require input and cooperation from many internal groups, an effort that can be difficult to organize. Download Now
For those charged with selecting all or part of their organization’s identity and access management (IAM) solution, making the right decision may seem daunting. A comprehensive solution has many intertwined elements. New technologies and new threats are continually introduced. The information you’re faced with is complex. This document provides a concise and comprehensive guide to helping you determine what’s most important in selecting an IAM solution. Download Now
The role that the IT professional plays in Identity and Access Management (IAM) continues to move forward at a rapid rate, and IAM has become a key tool in the organization’s security and risk management efforts. Read this paper and find out if your organization is realizing the potential of a fully evolved IAM solution. Download Now
