Compliance


Top 10 IAM Challenges for Heterogeneous Enterprises -- Part 2 of 2

We examine the remaining five challenges and how Active Directory provides a solution.

Top 10 IAM Challenges for Heterogeneous Enterprises -- Part 1 of 2

As more users need multiple identities to access the applications they need regularly, IT has its hands full maintaining security.

Saying Goodbye to a Turbulent 2009

From the Sun/Oracle acquisition to radical changes in the server market, it's been a topsy-turvy year in IT. We take a look at the highlights.

Q&A: Breaking the Log Barrier

Logs must do more than just record the facts

Q&A: Best Practices for GRC

Where should an enterprise begin when undertaking a governance, risk, and compliance project, and how can IT avoid common project mistakes?

Best Practices for Data Governance in SharePoint Environments

As awareness of SharePoint access control complexity grows, organizations are focusing on security and compliance for their SharePoint deployments. We offer best practices to address these concerns.

Seven Key Steps on the Road to PCI Compliance

Don’t overlook these seven steps you can take to complete your PCI compliance efforts.



IT and Compliance: 5 Big Predictions for 2008

Service-oriented IT processes and technologies will help managers bring the enterprise into line in 2008—perhaps not a moment too soon. We can't shake the feeling that something big and very bad is lurking 'round the corner. Grab a security blanket and carefully read on for the hopes and horrors of 2008.

Case Study: A Healthy Sense of Security

While reacting to changes in the market, a health care services company has proactively tightened down security beyond HIPAA and aims for certification on the relatively tough ISO 27001 standard.

Own Your Identity: 10 Best Practices for Role-Based Access

Learn the 10 best practices for access management collaboration.

Fixing the PCI Encryption Problem

Fines and fees are looming after the September 30 PCI compliance deadline. Still, less than half of merchants report full compliance with PCI security requirements, and encryption failures contribute to four out of five failed PCI audits. Why can't companies get encryption right? Here are five key steps for overcoming encryption hurdles.

Top 10 Employee Security Gaps to Plug Right Now

If it seems that companies aren't learning anything from the front-page security mistakes of competitors, take heart: Consultants and security experts are. Based on their experience and observations, here are 10 security gaps the experts have observed over and over, along with advice for addressing them.

Reconciling with Records Management: Top 10 Requirements

Records management, in the words of the related ISO 15489 standard, is the "creation, receipt, maintenance, use and disposition of records." An increasing number of regulations have driven companies to put their records management programs in order. Learn the top 10 best practices for ensuring the integrity of your records.

Shoring Up Your Framework

No single enterprise risk management framework is comprehensive enough to guide your company in meeting all of its compliance, governance, and risk management needs. Instead, you'll want to selectively combine standards by building around a central framework, such as COSO or AS/NZS 4360, and reinforcing it with one or more of these risk assessment standards.

Data Breach Kit: Five Steps to Help You Survive the Inevitable

Fact: Information systems are porous. Most companies will, despite their best efforts, allow some level of data exposure during the next year. Are you ready? Learn the tools and processes you need in place now to control data-breach damage, perform digital forensics, and gather the evidence required to recover and reduce risk.

Private Lessons: Public Sector Notes on Security

Although the spotlight tends to shine on the poor grades federal agencies receive for their information security efforts, notable security successes in government are often overlooked.

Complaisant or Compliant: Training Employees to Care

In compliance, a focus on technical security can eclipse human factors. Particularly in IT compliance, a focus on technical security tends to eclipse human factors, with serious compliance implications. Good training programs need to be measured, controlled, and incorporate feedback loops so that the people responsible for the rulemaking get input from the enforcers and (more importantly) from the employees who are subject to them.

Moving Targets: The Risk of Mobile Devices

Mobile data management: a risk vs. reward scenario for business. Mobile data management presents a classic risk vs. reward scenario for business. While mobile devices are all but essential for many aspects of business, the risk of lost or stolen data is significant. Learn how companies are controlling the risk around these proliferating devices by assessing critical areas of mobile data management.

Access Control: 10 Best Practices

Properly implemented, access controls only give employees access to the applications and databases they need to do their jobs. At many regulated organizations, such controls are too often manual, outdated, and largely ineffective. Here's how to overhaul your access control program.
