http://cloud-compliance.web5.hubspot.com RSS feed for Identity and Access Assessment (IdAA) Resources 60 http://docs.google.com/fileview?id=0ByKj0QGxVTJ2MWEyMzAwMGMtYTgwYS00MzEyLWI5OWItOTNjYzI2ZTgzOTQz&hl=en http://docs.google.com/fileview?id=0ByKj0QGxVTJ2MWEyMzAwMGMtYTgwYS00MzEyLWI5OWItOTNjYzI2ZTgzOTQz&hl=en 2010-01-03T22:08:04.0770000Z This white paper discusses Identity and Access Assessment (IdAA) solutions, which improve the efficacy of access controls and entitlement management systems, and reduce the cost of achieving compliance. (IdAA) access control entitlements excessive access rights Identity and Access Assessment Sun, 03 Jan 2010 16:08:04 GMT http://www.amazon.com/Cloud-Security-Privacy-Enterprise-Perspective/dp/0596802765/ref=sr_1_1?ie=UTF8&s=books&qid=1257620387&sr=1-1 http://www.amazon.com/Cloud-Security-Privacy-Enterprise-Perspective/dp/0596802765/ref=sr_1_1?ie=UTF8&s=books&qid=1257620387&sr=1-1 2009-11-07T19:03:36.0300000Z Tim Mather, Subra Kumaraswarmy, and Shahed Latif provide a thoughtful analysis of cloud-related swecurity and privacy issues. compliance risk management security Sat, 07 Nov 2009 13:03:36 GMT http://mba.tuck.dartmouth.edu/digital/Research/ResearchProjects/DataFinancial.pdf http://mba.tuck.dartmouth.edu/digital/Research/ResearchProjects/DataFinancial.pdf 2009-10-06T01:10:36.7530000Z Excerpt from the study: "The frequent shifting of staff may result in information users collecting system entitlements over time if the system access is not actively managed, resulting in a toxic combination of privileges." Mon, 05 Oct 2009 20:10:36 GMT http://www.gartner.com/DisplayDocument?ref=g_search&id=1158212 http://www.gartner.com/DisplayDocument?ref=g_search&id=1158212 2009-10-06T01:08:20.8470000Z Gartner states that SIEM + IAM = user activity monitoring, and that user activity monitoring is important for both threat management and compliance management. But isn't there a better way? Mon, 05 Oct 2009 20:08:20 GMT http://searchsecurity.techtarget.com/magazineFeature/0,296894,sid14_gci1365957_mem1,00.html http://searchsecurity.techtarget.com/magazineFeature/0,296894,sid14_gci1365957_mem1,00.html 2009-10-06T01:05:24.3100000Z Article in which Bruce Schneier, the Chief Security Technology Officer of BT and a highly regarded security guru, states "In the end, a perfect access control system just isn’t possible; organizations are simply too chaotic for it to work." Mon, 05 Oct 2009 20:05:24 GMT http://www.amazon.com/Security-Metrics-Replacing-Uncertainty-Doubt/dp/0321349989 http://www.amazon.com/Security-Metrics-Replacing-Uncertainty-Doubt/dp/0321349989 2009-10-06T01:01:45.4000000Z Book by Andrew Jaquith, a Forrester analyst, describes the value of good metric and benchmarks. He states "Today’s information security battleground is all about entitlements—who’s got them, whether they were granted properly, and how to enforce them." Mon, 05 Oct 2009 20:01:45 GMT http://www.rsa.com/solutions/business/insider_risk/wp/10388_219105.pdf http://www.rsa.com/solutions/business/insider_risk/wp/10388_219105.pdf 2009-10-06T00:58:08.0830000Z Survey of over 400 respondents in the U.S. and Europe reports that out of date and/or excessive privilege and access control rights for users are viewed as having the most financial impact on organizations. Mon, 05 Oct 2009 19:58:08 GMT http://www.deloitte.com/dtt/cda/doc/content/dtt_gfsi_GlobalSecuritySurvey_20070901.pdf http://www.deloitte.com/dtt/cda/doc/content/dtt_gfsi_GlobalSecuritySurvey_20070901.pdf 2009-10-06T00:54:33.6570000Z Global security survey, includes top audit findings for 2007 Mon, 05 Oct 2009 19:54:33 GMT http://www.deloitte.com/assets/Dcom-Shared%20Assets/Documents/dtt_fsi_GlobalSecuritySurvey_0901.pdf http://www.deloitte.com/assets/Dcom-Shared%20Assets/Documents/dtt_fsi_GlobalSecuritySurvey_0901.pdf 2009-10-06T00:53:05.2470000Z Global security survey, includes top audit findings for 2008 Mon, 05 Oct 2009 19:53:05 GMT