FAIRCON Showcases Quantitative Risk Analysis on the Cusp of Adoption
At FAIRCON 2018, keynote speakers described FAIR as a quantitative risk analysis “movement” to change the way industry measures and manages risk. Deep, ongoing frustration in business and government circles with the seeming inability of increased cybersecurity spending to stop… Continue reading
Explaining What We Do: What’s Your Cybersecurity Elevator Pitch?
The cybersecurity elevator pitch is a key communication tool, but security pros tend to struggle with it. For example:
My cousin’s son Ben is an enterprising real estate agent and golfer living on a beautiful New England island. Your CEO… Continue reading
Open FAIR Complements Risk Management Programs
Open Factor Analysis of Information Risk (Open FAIR) from the Open Group is the industry standard for quantitative risk assessment, and the first successful methodology of this kind. Open FAIR consists of a Risk Taxonomy Technical Standard … Continue reading
Active Directory Security Risk Factors and What to Do About Them (Part 2)
Active Directory security threats are increasing per part 1 of this post, and organizations must deploy an array of preventative, procedural, and detection controls to avoid becoming one of the next victims.
The AD protection matrix above depicts a… Continue reading
Active Directory Security Risk Factors and What to Do About Them (Part 1)
Active Directory security is a critical infrastructure issue for almost all large global organizations, including those using identity-as-a-service (IDaaS) solutions. IDaaS deployments frequently synchronize cloud-based directory accounts or passwords from the premise-based AD installation. Or, even if the IDaaS (e.g.,… Continue reading
IAM Funding Drivers Survey: Initial Results
Security Architects Partners is circulating an IAM Top 5 Funding Drivers Survey. Note that it is still open and you’re welcome to add your response. Our goal is to eventually get enough responses to be able to slice and dice… Continue reading
GDPR Unsubscribe Notice
This blog uses a service called Mailchimp to mail copies of new posts to persons that have previously subscribed to receive them. To be able to do this, Mailchimp stores a copy of the subscribers’ names and email addresses … Continue reading
FIDO2 Moves Forward with Passwordless Authentication
FIDO, Finally, Almost: Passwordless authentication is now becoming a possible dream, thanks to the ongoing standards work at the Fast Identity Online (FIDO) Alliance and the collaboration between competitors, such as Microsoft and Google.
Sources: RSA Conference 2018 (upper figure),… Continue reading
Microsoft Uplevels Data Protection With Azure Information Classification and Labeling Features
In our KuppingerCole report “Exploring the Microsoft Azure Information Protection Landscape” (subscription required) we describe Microsoft’s Azure Information Protection and it’s industry impact.
Azure Information Protection Summary
Clients’ data protection challenges span multiple technologies, including data leakage… Continue reading
Blockchain Security Concerns and Un-Concerns
Interest in blockchain has skyrocketed, with many believing the technology to be as transformational as the Internet itself. Blockchain’s promise boils down to two related propositions: first, that it can enable vast decentralized populations to collaborate and transact business; second,… Continue reading