From: Advice for Enterprises in 2014: Protect Your Core Data
One of the most important data breaches in history was an inside job. The NSA trusted a contractor; now most people have heard of Edward Snowden.
Thoughts from ADubiousDude, a risk management and technology professional
Password Managers and Post-It Notes
Annoying or funny vignette?
As a security professional at a Fortune 500 I can tell you that few security professionals in a mature enterprise want to spend the resource hours to police where you keep your passwords. It’s a wasted investment. I’d rather give you better options & make doing “the right thing” (more appropriately, “the more secure & effective process”) easier for all users.
Moral: incentivize the behaviors you want.
In the corporate world, single sign-on (#SSO) or federated identities are enabling capabilities we target, but given the lack of commoditization in this industry, pricing for these abilities can be prohibitive (see #Okta or #OneLogin). This functionality will reduce in price with age & competition. The capabilities delivered securely will always cost, though, as any worthwhile business enabler does.
For personal use I’m a fan of LastPass. You can set it up with a YubiKey from Yubico as well.
Security & Risk Mgmt as Partners
Don’t be an Ostrich, remediate issues | CSO Blogs
Good article. Here’s the best excerpt if you don’t want to read the whole article.
“For a security program to be successful there needs to be backing from senior management. They need to support their staff. Enable security with the ability to execute and provide a safe framework for the enterprise to operate within. Security needs to be seen (and act) as a partner within an IT organization instead of an adversary. When half measures and evasion are relied upon by IT groups rather than doing things right the first time everyone suffers at the whim of the law of unintended consequences. It is far simpler to fix the problem in most cases than to waste energy trying to avoid it.”