At FAIRCON 2018, keynote speakers described FAIR as a quantitative risk analysis “movement” to change the way industry measures and manages risk. Deep, ongoing frustration in business and government circles with the seeming inability of increased cybersecurity spending to stop… Continue reading
The New Vulnerability and Risk Management (VRM) Paradigm: Holistic, Dynamic, Adaptive
The ability to perform effective Vulnerability Risk Management (VRM) is an important marker of IT security maturity. Why? Managing the flow of vulnerabilities in complex IT environments is a major challenge. So is recognizing, categorizing, and prioritizing IT security risks.… Continue reading
DIY Access Control Pitfalls Webinar Featuring Dan Beckett
DIY access control can be problematic. Dan Beckett will be co-presenting with Axiomatics’ Gerry Gebel on:
Hidden Pitfalls of Do-It-Yourself Access Control Development and How to Avoid Them
Wednesday, September 26, 11:00am PST | 1:00pm CST | 2:00pm EST
Register… Continue reading
Blockchain and Decentralized Identity Presentation for ISACA GWDC Chapter
Security Architects Partners’ Dan Blum will be speaking September 20, 8:30 AM, at the ISACA Greater Washington DC Chapter’s Cybersecurity and Risk Conference (Register). Here is the presentation abstract:
Blockchain Technology and Concepts of Decentralized Identity
Blockchains are… Continue reading
Explaining What We Do: What’s Your Cybersecurity Elevator Pitch?
The cybersecurity elevator pitch is a key communication tool, but security pros tend to struggle with it. For example:
My cousin’s son Ben is an enterprising real estate agent and golfer living on a beautiful New England island. Your CEO… Continue reading
Open FAIR Complements Risk Management Programs
Open Factor Analysis of Information Risk (Open FAIR) from the Open Group is the industry standard for quantitative risk assessment, and the first successful methodology of this kind. Open FAIR consists of a Risk Taxonomy Technical Standard … Continue reading
Active Directory Security Risk Factors and What to Do About Them (Part 2)
Active Directory security threats are increasing per part 1 of this post, and organizations must deploy an array of preventative, procedural, and detection controls to avoid becoming one of the next victims.
The AD protection matrix above depicts a… Continue reading
Active Directory Security Risk Factors and What to Do About Them (Part 1)
Active Directory security is a critical infrastructure issue for almost all large global organizations, including those using identity-as-a-service (IDaaS) solutions. IDaaS deployments frequently synchronize cloud-based directory accounts or passwords from the premise-based AD installation. Or, even if the IDaaS (e.g.,… Continue reading
Announcing New Partner, Webinar, and Going to IdentiVerse
In June doings for Security Architects Partners – it’s a busy month! We’re excited for Identiverse where I’ll be attending in my role of free lance KuppingerCole analyst. The figure below says it all; contact us if you’d like… Continue reading
IAM Funding Drivers Survey: Initial Results
Security Architects Partners is circulating an IAM Top 5 Funding Drivers Survey. Note that it is still open and you’re welcome to add your response. Our goal is to eventually get enough responses to be able to slice and dice… Continue reading