Stories about: Logical

Wealth management firm AMP has rejected established auditing and security frameworks for a procedure list hand-drawn by its own head of security.

When risk is present it calls for treatment, and security is a never-ending process... right? Yes, but as a security professional, it's easy to become focused on the hard problems (download PDF) of security -- falling into the arms race for more, more, more security controls -- and lose sight of the impact of the controls themselves.

When companies decide to combine logical and physical security, one of the first challenges they face is finding a leader who has been exposed to both information security and physical security. Someone has to be put in place to create change. Who is this person? What is his skill set? Where can she be found? Does he or she actually exist?

Many people fear them, but most hackers are no more than simple point and click operators (the basic script kiddie) that are incapable of anything but using tools created by others.

BMC Australia has won a deal with explosives, chemicals and paint making giant Orica to provide automated employee identity management to accelerate the productivity of new employees.

The rapid consolidation in the anti-data leakage market in the past year is enough to make an IT manager's head spin: This segment of the security sector ballooned to include dozens of start-ups, then even more quickly dwindled down to a few independent companies as larger vendors cherry-picked smaller ones to add data leakage to their own product portfolios.

Faced with looming regulations such as the Health Insurance Portability and Accountability Act and the Sarbanes-Oxley Act, Craig Shumard, chief information security officer for healthcare provider Cigna, knew he needed better tools for role-based access control.

As long as IT managers encrypt data using only one vendor's products, the keys used to decrypt that data can be relatively easy to manage. But it will likely become much more complicated as more vendors build encryption into more and different types of storage devices, each with their own key management system, and as users need to move encrypted data among devices for disaster recovery, legal discovery or simply everyday business communications.

The Federation for Identity and Cross-Credentialing Systems (FiXs) -- a little-known group of non-profits, government contractors, commercial entities, and government agencies -- has recently unveiled a first-of-its-kind global infrastructure to support distributed, integrated identity management and cross-credentialing across organizations. The implementation combines several existing security technologies along with a set of trusted models, policies, and operating rules to insure the accurate identity of personnel accessing physical sites or logical systems.

Question: We have contractors perform a number of critical services, such as managing our IBM blade servers. These staff have to be on the LAN, and they're long-time contractors, so trust levels run pretty high, but I know they shouldn't be able to go everywhere on the LAN. How can I limit their access while still letting them do their jobs, and most important, not making them feel like I don't trust them?

Security convergence -- integrating building- and IT-access systems --- is supposed to make life easier for everyone: IT, building security staff and employees coming into the office each day.