Featured

Contributor:
Russell Smith
October 26th, 2011

Assigning admin privileges on Domain Controllers

Active Directory (AD) is the core of a Windows Server network and consists of a database that stores usernames and passwords, plus several technologies that work together to provide security and management services to clients and servers. Domain controllers (DCs) are servers that host a copy of the AD database and run related services.

Continue Reading

What’s new in PCI 3.0?

Following the launch of PCI DSS 3.0 in January, I’ve been faced with questions from many businesses about changes they should implement within the next year to remain or become compliant with the updated mandate.

Continue Reading


Using least privilege to achieve compliance: The dual benefit

What do the guidelines of PCI DSS, FDCC, SOX and HIPAA have in common? These mandates, in addition to other commonly implemented regulations, either explicitly demand or at least suggest the use of least privilege security to effectively safeguard data. In terms of compliance, this methodology has a dual benefit – not only does it satisfy auditors, but it will also protect against security breaches that could result in destructive data loss.

Continue Reading


Don’t fall victim to Privilege Creep!

Don’t let privilege creep be the downfall of a project to secure your company’s IT systems.

What is Privilege Creep?

Despite the work Microsoft has done to make Windows easier to run with standard user access, some Windows features and legacy applications still require administrative privileges. When users experience an issue, the first step that the helpdesk often takes is to grant administrative privileges to check that the problem isn’t caused by a lack of access rights.

Even if the problem turns out not to be caused by standard user permissions, administrative privileges are often deliberately left in place so that the user doesn’t continue to call the helpdesk, or the privileges are simply forgotten and never removed. This phenomena of moving from standard user privileges to administrative rights is referred to by system administrators as privilege creep.

Continue Reading


New regulation for financial institutions calls for least privilege implementation

Singapore’s central bank, The Monetary Authority of Singapore (MAS), is preparing to issue new guidelines for IT technology risk management that will replace its previous Internet Banking Technology Risk Management (IBTRM) guidelines, last updated in June 2008. MAS acts on behalf of the government to regulate financial institutions operating in Singapore. What is even more interesting is that a large number of international banking organizations are using MAS as their compliance foundation for a risk management framework.

Continue Reading


Singapore puts privilege management on the map

An apparently small change in one authority could have important implications for financial services.

If you haven’t heard of the new Technology Risk Management (TRM) guidelines issued quietly by the Monetary Authority of Singapore (MAS), this is a good moment to ponder the way that apparently small regulatory changes in distant corners of the world can suddenly ripple across global IT security as if from nowhere.

Continue Reading