Access Control — Features

Who's Who in Role Management?

The role management software vendor community is relatively young, and as such, Burton Group says there is no clear market leader. Vendors can be categorized into two segments: general purpose solutions and embedded solutions.

Mary Brandel | 09 Sep | Read more

Role management software: Making it work for you

Role management software enables the creation and lifecycle management of enterprise job roles, according to Forrester Research. It does this by discovering and logically grouping application-level, fine-grained authorizations and entitlements into enterprise job roles, which can then be assigned to people by rule-based provisioning or request-approval workflows.

Mary Brandel | 09 Sep | Read more

Security and the generational divide

The generation gap. It's a term that has been used for decades to describe the differences between people in various age groups. Corporations are constantly considering what makes different generations tick when it comes to recruiting and retaining employees. But security experts say companies also need to examine age-based perspectives and habits when it comes to risk assessment and policies.

Joan Goodchild | 11 Aug | Read more

12 ways to visualize network security

Remember the old M&M analogy - security is like an M&M candy, hard shell on the outside, soft on the inside. In other words, put up firewalls, built a strong perimeter and you're good to go. Of course, nobody believes that M&M-type security is sufficient in today's world of insider threats, data leakage, mobile workers, thumb drives and sophisticated malware. So, what's the new metaphor? We asked around and came up with a number of interesting and useful ways to think about enterprise security.

Network World staff | 15 Jul | Read more

Four signs your security program's gone too far

When risk is present it calls for treatment, and security is a never-ending process... right? Yes, but as a security professional, it's easy to become focused on the hard problems (download PDF) of security -- falling into the arms race for more, more, more security controls -- and lose sight of the impact of the controls themselves.

Jon Espenschied | 25 Jun | Read more

Five free pen-testing tools

Security assessment and deep testing don't require a big budget. Some of most effective security tools are free, and are commonly used by professional consultants, private industry and government security practitioners. Here are a few to start with.

Jon Espenschied | 28 May | Read more

Six hours to hack the FBI (and other pen-testing adventures)

It takes a lot to shock Chris Goggans; he's been a pen (penetration) tester since 1991, getting paid to break into a wide variety of networks. But he says nothing was as egregious as security lapses in both infrastructure design and patch management at a civilian government agency -- holes that let him hack his way through to a major FBI crime database within a mere six hours.

Sandra Gittlen | 28 May | Read more