Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: IAM

Campaign Lessons Learned—Part 3: Authenticity, Authority and Access

– From the cybersecurity professionals’ point of view, identity and access management (IAM) is really all a matter of authenticity, authorization and access permissions. Similarly, if the origin of a news item or blog or comment can be traced to a provably authoritative source, then it is more…

Data Masking: Good … Information Masking: Very Bad

– As we learn more and more about the huge data breach of the U.S. Office of Personnel Management (OPM), two aspects are grabbing everyone’s attention. One is the weakness of the security measures implemented by OPM and its contractors; the other is that senior management of OPM and purportedly…

Aircraft Safety … And Security

– There was once a time when aircraft crashes appeared to be due mostly to mechanical failures or malfunctioning aircraft control systems. Yes, some incidents were caused by terrorists, and there were some accidents due to “human error,” but a goodly number of those also had system and/or…

Confirmation of NSA IAM Deficiencies

– I read an article by Neil McAllister in The Register of August 30, 2013 confirming many of the suppositions that I made in my July 1, 2013 BlogInfoSec column “NSA: IAM … What IAM?” The article “NSA: NOBODY could stop Snowden—he was a SYSADMIN: Virtually unfettered access blew…

NSA: IAM … What IAM?

– Update: It has been several weeks since the Snowden leaks and, at time of writing, his every move, real and virtual, is being tracked by the media. While Snowden having access to top-secret information was mentioned briefly, as noted in this column, it wasn’t until weeks after the leaks (and…