Managing Passwords, Securely

I recently wrote about the desire, by many, to see the death of passwords.  All negatives considered, if passwords go away, it won’t be because people don’t like them but because they lose their efficacy and cost proposition (they’re effectively free, transportable, satisfy the “something you know” criteria, and they’re easy to replace).

Triange InfoSec Conference 2016

The Raleigh ISSA is hosting the annual Triangle InfoSecCon this Friday, Oct 21.  The event has a lot of content for the day and is a great investment in an infosec profession for those looking to learn and those who want to capture some conference hours before the end of the year.

The Death of Passwords

Password Management

 

Good enough.

It’s not a concept most people associate with information security people or the approach to information security but it is something we in information security desire.  We don’t want to overburden ourselves with unnecessary work or even management of controls.

Policy Framework

All Rights Reserved, Royalty-free license through Fotolia.com

 

A businesses need a policy framework to state its values, expectations and requirements in a meaningful way.

The policy framework depends on an organization’s structure to enforce ownership of these statements appropriately.  Policy frameworks aid in understanding the enterprise by setting the ownership of policies, their associated and supporting documents and by creating a structure where these statements can be found.

Cigital’s Agile Security Manifesto

All Rights Reserved, Royalty-free license purchased through Fotolia.com

I tend to operate in accordance with the four principles of Cigital‘s recent Agile Security Manifesto.

[su_pullquote align=”right” class=””]NOTE: I cannot state whether I’ve employed Cigital professionally but I have had interaction with them in my career.[/su_pullquote]