ALL POSTS
Welcome to the Security and Risk Management Blog
Welcome to the Security and Risk Management blog. This
blog is one of several within the Service Management Connect community,
and its purpose is to provide readers with ideas and perspectives about
the security and risk management solution directly from the
technical experts. Follow this blog, and you can get tips, tricks, and
perspectives on several security and risk management topics, including: Installation, Integration, Performance, Customization, Technical tips and tricks, More... If you have specific topics for which you would like... [More]
Tags: overview blog welcome
Practical approach to Role Management
These days “role
management” or “identity and access governance” has taken the limelight for
anything related to Identity and Access Management projects. IT organizations are eager to understand
what these technologies provide, and want to ensure that these functions are covered
in any of their identity management project bids. Role management is really only a portion of
Identity and Access Governance, but its underlying benefits are clear and
compelling: better handling of growing access assignment demands,
facilitating... [More]
Tags: modeling access identity and mining governance management security role
Tivoli Access Manager for Single Sign-On support resources
I'm thrilled to find all the documentation and support resources for the Tivoli Access Manager for Single Sign-On product on their Tivoli Doc Central page: http://www.ibm.com/developerworks/wikis/display/tivolidoccentral/Tivoli+Access+Manager+for+Enterprise+Single+Sign-On Kudos to the Tivoli Access Manager for Single Sign-On team for providing this all-in-one resource.
Tags: doc-central
Facebook IPO and OAuth
The Facebook IPO stumble has rekindled the usual hand-wringing about Facebook’s long term viability in light of the many failed social networking services in the past. But Facebook’s role as an identity service provider using the OAuth standard gives it hope of overcoming the Facebook IPO stumble and staying in business when the Next Big Thing comes along and steals away the end users’ attention from their Facebook news feed. [Read this post.]
Tags: security facebook oauth
Flame malware and Leaky Abstraction
The Flame malware was over-hyped. But it’s a good exercise in
threat modeling. In my model, the attacker’s strategy is “leaky
abstraction.” [Read this post.]
Tags: flame security security-intelligence threat-modeling
Mitt Romney Email Hack Shames Hotmail
Gawker is reporting the Mitt Romney Email Hack story. Once again a public email service is embarrassed by a gaping hole in its security which is widely known and easily fixed. What you can do to protect yourself and simple low-cost alternatives to the so-called “security questions.”
Tags: email mitt_romney hotmail security
CloudFlare Hack and More Password Reset Woes
The CloudFlare hack is interesting not because of the damage that was done, but because of the multiple authentication system failures that were exploited to make it happen. It also sheds some light on the Achilles’ Heel of web-based services, the password reset procedure. http://www.itsecurityzone.com/cloudflare-hack/
Tags: password-reset cloudflare security
The LinkedIn Password Hack and Risk Transfer
In the aftermath of the LinkedIn password hack, much of the discussion has focused on secondary security issues like password hash algorithms and salting. But the root cause security issue and how to mitigate its risk are being overlooked. http://goo.gl/fi57K
Tags: risk-management linkedin security
Medical Data Flight Recorder Requirements?
The FDA’s Office of Science and Engineering Laboratories referenced work in its FY 2011 report to collect requirements for medical data flight recorders in medical devices. Isn’t there a large mature industry in event management that can be applied to this? [Read this post.]
Tags: security siem
Announcing the Secure Password Reset Campaign
Announcing the Secure Password Reset Campaign to end unsafe password reset procedures on web applications. [Read this post.]
Tags: hacktivism security identity management pwdreset
IBM EMEA Tivoli and Security Technical Conference
Gain Visibility, Control and Automation across your organization and infrastructure boundaries. Are you looking to increase your personal skills in the Service Management arena? Are you responsible for a team of Tivoli professionals who need to delve deeper into the products? Would you or your team benefit from learning deep technical skills from real experts in their fields? Then the EMEA Tivoli & Security Technical Conference 2012 is just what you need! Click here to learn more! One of the many business benefits of... [More]
Tags: conference europe emea education
Article 29 Data Protection Working Party on Cloud: Buyer Beware
The European Commission’s Article 29 Data Protection Working Party has issued a lengthy paper codifying the principle of “buyer beware” in its approach to cloud service providers in member states. [Read this post.]
Tags: privacy european-union security
Adding Social Media to your Product Support Toolkit
The Internet is changing the face of product support. It is an
undeniable fact that the manner in which we attempt to resolve problems,
be they complex software applications or finding the closest Italian
restaurant, is entirely different than 10, 5, or even 2 years ago. In
all facets of our daily lives, how we search for answers to even the
simplest of problems has been forever changed through online technology
and capabilities. The Internet permeates all aspects of our lives; how
many readers of this blog post do not understand... [More]
Tags: social support business
Amazon and Apple Account Hack: A Trifecta of Security Flaws
The recent Amazon / Apple account hack shows three examples of the same
type of fundamental security flaw: using personal information as a
credential. [Read this post.]
Tags: amazon strong-authentication pwdreset apple security authentication
Privilege Escalation at the Low End
“All or nothing” authentication for low end privilege escalation hampers
end-user adoption due to the inconvenience associated with
authentication. [Read this post.]
Tags: authentication security mobile