Identity Management Blog

'Tis the season to be hacked, I guess. Twitter joined a bunch of other companies in revealing that it was the target of a sophisticated attack that may have exposed the information for about 250,000 users. While the data that was allegedly exposed, including encrypted/salted versions of passwords, was not as bad as in some other attacks recently, Twitter did take some proactive measures in resetting passwords (and letting the users know that they need to set a new one) and revoking session tokens. And in what is quickly becoming a sad industry pattern for websites that get hacked, it is now ...
Read More
A common approach by organizations on tight budgets has been to solve their Identity and Access needs with Active Directory (AD). While this approach has its advantages, it has many more disadvantages. AD has its place in almost any enterprise-computing environment, but as security and risk professionals, we must know where it belongs (and doesn’t belong) in an IAM strategy.
What is missing from most IAM roadmaps?
No blog about National Cyber Security Awareness Month would be complete without the obligatory link to the Department of Homeland Security’s (DHS) official website on the topic – after all, they started it 9 short years ago.