Legislation: A Good First Step to Cybersecurity Leadership
President & CEO
A year can make a big difference in technology – and in politics. A
year ago, the federal government was failing badly at establishing a
leadership position in cybersecurity. Interim cybersecurity czar
Melissa Hathaway had resigned amid delays to appoint a full-time
federal director. The politicians were thinking about anything but the
defense of our nation’s computing infrastructure. And the attacks kept
Fortunately, things for the good guys have improved. We’ve got a
veteran in Howard Schmidt firmly established in the federal
cybersecurity leadership role. And, more importantly, the legislators
are working hard to give him and other security leaders within the
government enough authority, tools and cash to actually make a
difference in the fight for digital ground.
I’ve long been an advocate of establishing cybersecurity laws that have
teeth and authority to prevent and deter attacks to our infrastructure.
I believe that the drafts that we’re seeing of Senator Joe Lieberman’s Protecting Cyberspace as a National Asset Act of 2010 are
a good first effort from legislators in order to do that.
The law provides guidance and authority to establish a cabinet level
position in cybersecurity with authority, staff and budget to carry out
important security initiatives. And it also provides considerable
prescriptive guidance in the way the government deals with known
infected computers that are perpetuating attacks against national
I especially find the first point extremely refreshing. The fact that
at the executive level we are going to provide accountability for both
success and failure of different federal agencies in regard to whether
or not they achieve security is encouraging. The bill is quite specific
– when agencies don't achieve security requirements, their leaders are
subject to loss of bonuses and loss of incentive pay.
Read the rest of “Legislation
a good first step to cybersecurity leadership” in SC Magazine.
do you think? Email
me at: firstname.lastname@example.org.
Tip of the Month
Securing Application Credentials
Enterprise Random Password Manager continuously secures embedded
passwords in web application tiers, packaged software programs,
line-of-business applications, custom programs and more – automatically
changing embedded passwords according to rules that you define for
complexity and change frequency, and synchronizing all changes across
interdependent tiers to prevent lockouts and service disruptions. Learn
| Customer Snapshot:
Carnegie Mellon University
is a global research university with more than 11,000 students, 84,000
alumni, and 4,000 faculty and staff.
Situation: The IT staff required a way to automatically update
and securely store privileged account passwords to help protect data.
Solution: Enterprise Random Password Manager (ERPM) was deployed
to the enterprise and operational in less than one day.
Result: Local accounts are now updated with unique passwords on
a routine basis and all sensitive privileged passwords are securely
stored in a vault.
took less than one day from the time that we started the installation
until we changed all of the privileged passwords on our machines. It
was that simple. ERPM satisfied our purchase criteria on day one. Now
we’re in the value-add stage."
- Joe Corey, Windows Services Team Lead, Carnegie
Mellon IT Group
to read the detailed case study.
New in Identity Week
commentary on our Identity
Week blog this month includes:
is CyberSecurity Awareness Month. October 2010 is the seventh
annual CyberSecurity Awareness Month, a campaign to remind Americans of
a shared responsibility to protect the nation’s cyber networks and
for Destruction. Last weekend the Washington Post published an
analysis showing how the notorious Stuxnet worm could become the model
for a cyber attack on US infrastructure...
PUM, and IAM Explained. As the Identity Management market continues
to evolve we’ve noticed growing confusion regarding the differences
between Privileged Identity Management (PIM) , Privileged User
Management (PUM), and numerous other terms...
Events / Press /
- Lieberman Software Grows Worldwide Sales
Through Expanded Global Partner Program.
In addition to Aquion, other recent additions to Lieberman Software’s
international partner program include NetBR and Secure1 Technology in
Brazil, Nanjgel Solutions in Dubai, Magix Integration in South Africa,
INSERTO AG in Switzerland, PRIOLAN and IBV Informatik GmbH in Germany
and GE Multitech in the United Arab Emirates.
The Impact of Evolving Cybersecurity Threats. Philip
Lieberman talks about his experiences as an advisor on the
Lieberman-Collins cybersecurity bill and the next steps in this
legislative process, cybersecurity threats to the utilities industry,
the problems associated with a shortage of domestic IT security
professionals, and his extensive experience helping secure data in
government agencies, military organizations, and private industry.
insider threat? Sys admin gone rogue. Network World. The
Lieberman password-manager software is sometimes referred to as a type
of "firecall" tool that gives top IT managers a way to approve accounts
for elevated rights of domain temporarily. It requires multiple
individuals with manager status to approve any elevation of account.
Could Drive Mobile Two-Factor Authentication Model. Dark Reading. "How many
people are going to want to take an SMS message every time they want to
log into their e-mail?" says Phil Lieberman, founder of Lieberman
Software. "It's impractical for e-mail, which is something you're
accessing all day long. And any security that is inconvenient will
generally not be used and discarded.