Since writing The Identity Catechism a few months back, I’ve had a number of requests for advice or suggestions on how to measure the maturity of an enterprise identity program. In an effort to help, I’ve put together the Identity Maturity Calculator as sort of a guide to provide some insight as to where you may…
In 1998, the US passed The Digital Millennium Copyright Act (DMCA) in an effort to enact several of the requirements of World Intellectual Property Organization (WIPO). DMCA makes it a crime to publicize technologies which are developed to bypass measures that control access to copyrighted works. DMCA also makes it a criminal act to subvert…
The evolution is underway. Our infrastructures are borderless, our critical data is cloud based, and our users work from anyplace on the globe – or 36,000 feet above it. Our legacy controls are as outdated as the conceptual hardened perimeter and our users are still human; and will still succumb to the (not so) well…
Recently, while attending a conference in DC, I was part of a discussion around the new NIST Digital Identity Guidelines (SP 800-63) and how “…it turned the password world upside down”. Soon we were discussing the studies that were cited, and the logic behind the new recommendations, and how this would help CISO’s “look like…
Diversity di·ver·si·ty | \də-ˈvər-sə-tē, dī-\ Definition of diversity 1 : the condition of having or being composed of differing elements : the inclusion of different types of people (such as people of different races or cultures) in a group or organization» programs intended to promote diversity in schools 2 : an instance of being composed…
The Internet of Things is here.. By now, you’re probably well aware of the fate recently befallen on the Brian Krebs site KrebsOnSecurity.com. A Distributed Denial of Service (DDoS) attack in excess of 620/Gbps caused such a strain on one of the world’s largest DDoS protection services, that Krebs asked that his site fundamentally be…
When Security Metrics Miss The Point
After countless years of presenting to boards, executives, and colleagues, I’ve found that I’ve developed almost a split-personality when I’m asked about what metrics to track.