Into the Breach – Audio Series – Chapter 12 (Final Thoughts: Courage to Act)
Welcome to the continuation of the Into the Breach: Protect Your Business by Managing People, Information and Risk audio series. (Click this link) to learn more about how this book solves...
Memo from users: educate, but don’t embarrass us
The moment we judge someone, we forfeit the ability to help. Seems like a lot of what is being promulgated in so-called “security awareness” today is nothing short of berating people with a list of...
Why people are not the problem in security and where to look (hint: grab a...
Do not put your faith in what statistics say until you have carefully considered what they do not say. ~William W. Watt Over the last few years, we have been presented a series of reports, complete...
Why the definition of security awareness matters
Your paradigm is so intrinsic to your mental process that you are hardly aware of its existence, until you try to communicate with someone with a different paradigm. ~ Donella Meadows Considering the...
Identity Management Series – Vacancy Management and Hierarchies Part 1:...
So far in this series on identity management, the focus has been on activities and cleanups for data that is ultimately handled by identity manager. Now we shift the lens to focus on an element of role...
Vacancy Management and Hierarchies Part 2: Line Management Hierarchy
In this month’s Introduction, three hierarchies were introduced. We continue the series discussing the first of those: line management. The line management hierarchy is the most common of the...
Vacancy Management and Hierarchies Part 3: Data/Access Ownership
How often has a customer sat waiting on an access request, only to discover that it was delayed because the approver left the company and there was no replacement? This is an all-too-common scenario,...
Vacancy Management and Hierarchies Part 4: Cost Center Ownership
I once talked to a finance manager and asked her why her group couldn’t produce an accurate list of cost center owners. Her response was simple, “I would love to have an updated list, but no one ever...
Vacancy Management and Hierarchies Part 5: Wrapping Up
This month we focused on vacancy management, shifting from the functions of identity manager to role manager. Vacancy management is difficult to control manually – in many cases an approval or...
What a shopping carts reveals about security awareness
Tokens, Shopping Carts and Security Awareness What can grocery-shopping carts teach us about building security awareness that works to influence behavior change? Turns out perhaps more than imagined....
Identity Management Series – Workflows Part 1: Introduction
We started developing workflows in last month’s activity to manage vacancies. Relatively speaking, vacancy management workflows are comparatively simple and provide business-relevant quick-wins,...
Identity Management Series – Workflows Part 2: Provisioning and Deprovisioning
In this month’s Introduction, three workflow sets were introduced: Provisioning and deprovisioning (which I abbreviate as de/provisioning) Non-employee management User or access recertification This...
Identity Management Series – Workflows Part 3: Non-Employee Management
In the previous segment, we worked through the de/provisioning workflows. These are foundational to the non-employee management workflows in that a key objective of the non-employee management...
Identity Management Series – Workflows Part 4: User/access recertification
In the previous segment, we worked through the non-employee management workflows. These are a special-case of user recertification and relatively less complex, making them a good place to start. Having...
Identity Management Series – Workflows Part 5: Wrapping Up
This month, we focused on one of the key functionalities of identity management – workflows. Specifically, Provisioning and deprovisioning (which I abbreviate as de/provisioning) Non-employee...
Identity Management Series – Termination and Transfer Gotchas Part 1:...
In the previous series, we started prepping for the key workflows that make an IAM implementation worth the cost and effort. Implementing workflows effectively is critical to achieving the desired...
Identity Management Series – Termination and Transfer Gotchas Part 2:...
In the first segment, we looked at one extreme of transfers – a job change entailing a move between HR systems. In this segment, we’ll look at the other extreme of transfers – a job change that...
Identity Management Series – Termination and Transfer Gotchas Part 3:...
In the previous segments, we focused on special-case transfers that may be hard to recognize. At the macro level, when a user transfers between HR systems, a legitimate transfer can be mistaken for a...
7 Sources of Data Breaches You’ll Never Hear About: Your Phone
Smart phones are now portable computers which just happen to make calls. Licensed from Stock Exchange. This post is the first in a series about preventable data breaches. Most Americans have received a...
7 Sources of Data Breaches You’ll Never Hear About: Your Browser
Your Stored Passwords: Not exactly secured. Licensed from Stock Exchange. This post is the second in a series about data breaches you can prevent. We’ve already covered Phones and Personal Computing...