Blog Posts Tagged with "Authorization"


Is Your “Father’s IAM” Putting You at Risk?

October 13, 2017 Added by:Jackson Shaw

Identity and access management (IAM) is all about ensuring that the right people have the right access to the right resources and that you can prove that all the access is right.

Comments  (0)


Managing Insider Threats in Today's Digital Age

April 05, 2016 Added by:Steve Durbin

Most research on the insider threat focuses on malicious behavior. However, insider negligence and insider accidents comprise a greater and growing proportion of information security incidents. Chief Information Security Officers (CISOs) who limit their thinking to malicious insiders may be gravely miscalculating the risk.

Comments  (0)


Call Centers and PCI Compliance

June 28, 2012 Added by:PCI Guru

In a call center environment where operators are taking orders over the phone and accepting credit/debit cards for payment, until the card transaction is either approved or declined, we are talking pre-authorization data. Only cardholder data after authorization or decline is covered by the PCI DSS...

Comments  (2)


Securing User Credentials On Mobile Devices

November 13, 2011 Added by:Steven Fox, CISSP, QSA

Your mobile device is an interface into systems that can store potentially sensitive information about you, your company or your employer. Given its ease of use and portability, one would expect to find unique, strong credentials to guard against unauthorized access to these resources...

Comments  (0)


IBM AS400 (I-Series) Key Controls for User Accounts

November 09, 2011 Added by:Kevin Somppi

It is impossible to prove that a platform or program has no bugs; however, if you take the time to reasonably test and find the obvious vulnerabilities, and challenge the access which your user community has been granted, you stand a better chance of not being compromised...

Comments  (1)


WikiLeaks Lessons for IT Security

January 03, 2011 Added by:Eli Talmor

Obviously Data Loss Prevention policies need to be implemented on endpoint workstations across the Globe: Every document needs to be classified (i.e. encrypted) at generation. The document encrypted should be also “fingerprinted” to prevent distribution in “un-encrypted” form...

Comments  (0)


Are You Protected From Zeus?

December 31, 2010 Added by:Robert Siciliano

Zeus is designed to steal bank account login credentials. It has traditionally targeted PCs, but has now been updated to attack cell phones as well, with one version of the malware intercepting SMS confirmations sent by banks to customers, and defeating the fund transfer authorization codes...

Comments  (0)