Security - Is a Penny Worth
Founder and CEO
When it comes to protecting
an organization’s critical digital assets, compliance cannot be a “some
of the time” process – it must be “all of the time”. Organizations
cannot simply aim to meet federal regulations such as SOX or PCI DSS
once a year. Potential security threats are constantly evolving;
meaning IT managers must be constantly monitoring their networks to
safeguard the company’s most sensitive data.
In order to properly secure an enterprise network, an organization must
limit access to its critical data only to those who require it, and
that access must be audited continuously. The process of continuous
auditing manages threats by testing non-stop for network
vulnerabilities and fixing problems immediately.
What exactly is continuous auditing, why is the process important for
certain types of organizations, and what are the potential threats
organizations may face when ignoring this approach?
Want more? Read Mr. Lieberman's article: "How GRC
Principles Measure Security and Accountability" here.
Tip of the Month
Manager Pro Suite has long been regarded as a leading Windows mass
management solution capable of modifying and reporting on numerous
configuration settings on any number of systems simultaneously.
A lesser known, but very valuable, attribute of the product is its use
of recently patented technology to prevent malicious software and other
unauthorized applications from executing on client systems. Find out
Avenue of the Stars
Angeles, CA 90067
has chosen Enterprise Random Password Manager (ERPM) to control access
to privileged accounts on servers, workstations, and network devices in
the University’s multi-platform environment. ERPM is being implemented
throughout the University's seven network sites as part of an overall
IT security and auditing strategy, and to assist with a new initiative
to centrally manage its system administration.
need to control and audit access to all of the privileged account
passwords in our network, and decided on Lieberman Software’s ERPM for
its automated account discovery capabilities, auditing features, and
productivity benefits,” said Jonathan Hughes, User Systems Manager at
the University of Westminster.
the solutions that we evaluated, ERPM is the only one that can
automatically discover every privileged account on our network,
providing real advantages over the less effective, less reliable manual
alternatives,” raved Jonathan Hughes.
The Result: With ERPM, IT staff at The University of
Westminster will no longer have to rely on tedious and inefficient
manual processes to manage privileged accounts. The staff will also be
able to gain secure, remote administrative access on demand for
conducting IT administration duties. And, ERPM’s centralized control of
all privileged accounts throughout the enterprise aligns with the
University’s initiative to restructure its IT service into a centrally
“While there were numerous factors in our decision to install ERPM
enterprise-wide at the University of Westminster, the implementation
was primarily driven by regulatory compliance and security demands,”
Hughes said. “The product’s access and control reporting will be
valuable to our annual security audit. And, while we've never
experienced a security breach, we are aware of the serious threat posed
by unsecured privileged accounts. ERPM mitigates this risk.”
Please click here
read the full story.
Launches / Podcasts
- CS Techcast: An
Information Technology Podcast for IT Pros. CS
Techcast 81: Finding the Holes in Privileged Accounts. This
week we are exploring privileged account management and how to reduce
the attack surface of that powerful access with Philip Lieberman,
President and CEO of Lieberman Software. His comments start at 00:11:35
and run through 00:28:00
Identity Management and Regulatory Compliance: How can privileged
identity management help organizations pass their security audits and
meet regulatory compliance? Find out in this podcast from RSA
/ Press / Events
Directory Q&A: Demand Rises
By Andres Cser,
Forrester, August 11, 2009
"To alleviate this
problem, you should combine the approaches of using
Microsoft's System Center Operations Manager and moving toward password
safes, which centrally hold, issue, change, and verify all sensitive
passwords to system administrators with appropriate privileges."