Access Control

Access Control news, information, and how-to advice

Enhancing API security: dynamic authorization to protect sensitive data

APIs that handle sensitive data pose security and data access control threats and require advanced security solutions. API Gateways effectively manage the authentication of the user and provide service orchestration capabilities. But if...

How to protect your email account from Equifax hackers in 5 minutes

Use two-step verification to protect your email accounts from the Equifax hackers.

Using identity to protect the mobile perimeter

It’s the biggest threat surface and best enforcement point for enterprise security

Abandoned mobile apps, domain names raise information security risks

When app creators abandon domains for bigger, better deals, what happens to all the app-specific data?

When identity data eclipses digital identity

Digital identity needs to be redefined as verified identity data. Identity data, using the right tools, can be used to carry out online jobs on behalf of the real me. But the right technology, aka personal data stores, needs to be in...

Top 5 container mistakes that cause security problems

As enterprises increase their adoption of containers, they are also increasing the number of security mistakes they make with the technology.

Hacking the GDPR

Using anonymization and pseudonymization to reduce the overhead of GDPR compliance.

Malware

Cylance blamed for DirectDefense’s ‘botnet’ disclosure

Twenty-four hours after Carbon Black responded to a report from DirectDefense that their Cb Response product was leaking customer information (it doesn't), one company executive is pointing the finger at Cylance as the source of the...

Malware

Pentest firm calls Carbon Black "world’s largest pay-for-play data exfiltration botnet"

On Wednesday, DirectDefense, Inc. disclosed that they've discovered hundreds of thousands of files from Carbon Black customers. The discovery is said to pose a significant risk to Carbon Black's clients, because of the company's...

Engineering firm exposes SCIF plans and power vulnerability reports

Chris Vickery, director of cyber risk research at UpGuard, Inc., says that a misconfigured Rsync server maintained by Power Quality Engineering, Inc. (PQE) exposed client information pertaining to critical infrastructure for the City...

What's the ROI on attribute-based access control?

Despite the predicted growth of attribute-based access control (ABAC), misconceptions about it leave decision makers concerned about ROI.

The road to APIness in customer identity

Ditching the identity platform for a universal identity API approach. Using API recipes to build the identity ecosystem moving away from the static platform designs, to a world where identity and data components truly come together...

'Jump boxes' and SAWs improve security, if you set them up right

The concept of a traditional “jump box”, a secure computer that all admins first connect to before launching any administrative task or use as an origination point to connect to other servers, has morphed into an even more...

The thorny issue of verifying humans

Customer identity access management and how verification of users is not working. A look at the concept of levels of assurance (LOA) as an integer-based system that needs a rethink. How probability-based identity is the way forward....

Insider wreaks havoc on company—after he resigns

Over the course of several weeks, a former Navarro Security employee used off-the-shelf tools to destroy files, compromise email and redirect the company's web traffic to a competitor.

Banking's 'Valar Morghulis' moment

HBO's smash hit series features two-factor authentication in a way that should resonate for the young professionals most banks want to attract to their online services.

How to spot and prevent insider threats

Are departing employees taking data with them? Here’s what you need to know about detecting insider threats and better protecting your enterprise network and proprietary information.

Night at the information security museum

Museum physical security incidents provide an excellent learning mechanism for information security teams. With that, I’d like to look at three major museum incidents and provide a lesson learned from each for information security...

You can steal my identity, but not my behavior

The compromise and misuse of identity is at the core of modern threats and data breaches. This has been documented for years and continues to escalate. As a result, we are rapidly approaching the end of life for password-based...

New report examines the weaknesses of industrial environments

A new report from FireEye examines the attack surfaces shared by a number of industrial enterprise operations, including electric utilities, petroleum companies, and manufacturing organizations. The six weaknesses outlined by FireEye...
