Archive for 'Access Management' Category
Failure to deprovision former employees presents a real risk to businesses. An article review. When terminating an employee you probably make sure that they turn in keys, access cards, and any other physical access credentials, but how sure are you that their electronic credentials have been revoked? A new study being highlighted by CIO Insight […]
Dan has whittled all the noise to five resources a Small Business Owner should investigate (and utilize).
Bill Burr admits security advice actually created more vulnerable passwords. An article review. If you’ve ever angrily questioned some seemingly arbitrary rule when creating a new password, there is some vindication for you: the former government official whose password security suggestions became the basis for many organization’s own standards now says he regrets writing the […]
For the sake of user comfort, new draft document calls for an end to mandatory password changes, and other requirements. An article review. Long-time readers may remember Dan’s Password Manifesto, originally published in the Hoosier Banker Magazine in 2008, where he spoke out against the “conventional wisdom” requiring frequent password changes, advocating instead other mitigating factors […]
Better think twice . . . or spring for the enterprise edition . . . before you use Windows Hello as a “stronger” authentication method.
“Mal-Configured Secure E-Mail . . .” A new risk arises as Secure Messaging Enters the Late-Majority Adoption Phase! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . So we’re auditing a bank and they send us files using their shiny new “Secure E-Mail System” and guess […]
Process Flow for Institutions . . . and why Dan loves the Cybersecurity Assessment Tool! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Real quick: What should you do to get started on understanding the new Cybersecurity Assessment Tool (and its impact on future […]
If we are going to allow users to “harden” their endpoints, we had better be providing more robust “awareness training” about the risks that come with new assets.
An interesting article that we do not entirely agree with.
For those of you who are wanting to come into lightening-speed compliance with Section 164.308(b)(1) of the HIPAA Security Ruling, start telling your vendors that they need to revise their agreements to include the following.