SEARCH RESULTS
 
Showing 1-10 of 176 records
 
On trial - role of the CISO

2008-04-26 16:32:46 by Stuart King in Stuart King's Security and Risk Management Blog
 
...role of the hapless and rather impotent CISO working for an overbearing CIO. There was a serious point to the exercise though - those barristers were playing for real and the legal terminology was all correct. The sentences handed out to the CIO and CEO, who were found guilty under section 450 of the Companies Act of destroying documents,...
 
 
 
 
 
RBAC Standard Rationale: Comments on "A Critique of the ANSI Standard on Role-Based Access Control"

2008-01-07 09:15:52 by Editor in IEEE Security and Privacy
 
As the authors of the original proposal for the role-based access control (RBAC) standard and developers of the models from which it derives, the authors respond here to Ninghui Li, Ji-Won Byun, and Elisa Bertino's critique, which also appears in this issue. This is an opportune time in the revision cycle to introduce proposals for changes to...
 
 
 
 
 
Making role management work for the enterprise

2008-09-17 00:00:00 in Network World on Security
 
Many IT security professionals still regard role-based access and identity management as hopelessly complex because the predominantly manual approach used to review and manage roles is not scalable and the dynamic nature of roles themselves often gets out of sync with reality.
 
 
 
 
 
Sun acquires Vaau

2007-11-14 08:25:51 by Andras Cser in Security & Risk Management
 
...role management software. As a result, it appears that the role management acquisition storm is starting. With BridgeStream acquired by Oracle and now Vaau by Sun, enterprise role maintenance is finally coming of age and will be part of Sun's Identity Management portfolio. Vaau's large number of clients will continue to demand vendor agnostic...
 
 
 
 
 
Who should do your security audits? Or, how do you organize the security department?

2008-02-07 22:25:32 by Steve Riley in Steve Riley on Security
 
...role of the auditing function -- to measure compliance. If we all agree that policies are good, then we should all agree that checking up on ourselves is also good. So, then, who should conduct the audits? For comparison, let's examine a typical software development department. Here at Microsoft, such departments are composed of four...
 
 
 
 
 
WCF Security Guidance from P&P

2008-04-04 06:09:00 by Keith Brown in Security Briefs
 
...Role Provider with Username Authentication in WCF from Windows Forms How To - Use SQL Role Provider with Windows Authentication in WCF from Windows Forms How To - Use Username Authentication with the SQL Membership Provider and Message Security in WCF from Windows Forms How To - Use WsHttpBinding with Windows Authentication and Message...
 
 
 
 
 
WCF Security Guidance from P&P

2008-04-04 12:09:00 by keith-brown in Security Briefs
 
...Role Provider with Username Authentication in WCF from Windows Forms How To - Use SQL Role Provider with Windows Authentication in WCF from Windows Forms How To - Use Username Authentication with the SQL Membership Provider and Message Security in WCF from Windows Forms How To - Use WsHttpBinding with Windows Authentication and Message...
 
 
 
 
 
Walking with the SDL Part 2

2008-07-21 16:56:00 by sdl in The Security Development Lifecycle
 
...role-specific security practices. Before I jump into the details, I want to encourage you to also read Shawn Hernan's very good post about SDL training that highlights some of the ways to make security training effective. The general security principles should explain why security is important, how you define security requirements, the process...