Categories
General IT Information Security

Authentication and Authorisation Royal Rumble – OpenID vs OAuth vs SAML

There are just as many ways to defend data as there are to attack it. When considering multi-factor authentication, single sign-on, firewalls, and various other controls, the options can be overwhelming. For security professionals (amongst others), the decisions on how to keep data and identities secure start much earlier – choosing the correct standard to deploy to keep federated identity secure.

Categories
General IT Information Security

Password Management Guidance

The primary objective of a theoretically sound password formulation policy is password diversity – we want our identity system to contain lots of different, hard to guess passwords.

There are several ways to achieve this but unfortunately most of the common approaches in use today, such as length requirements, complexity requirements, and change requirements, are far from helpful.

Categories
General IT Information Security

The CIA Triad

The CIA triad is a model designed to guide policies and procedures for information security within an organisation. Read on to find out more about the CIA triad and some of the common methods organisations implement to meet CIA requirements.

Categories
General IT Information Security

What is IAAA?

How does security in systems actually work? Well, security generally works on a principle called IAAA: Identification, Authentication, Authorisation, Accountability. Read on to find out what this principle looks like in the real world.

Categories
General IT

Happy Birthday Windows 98!

This week marks the 20th birthday of Windows 98 – like its predecessor, it was a hybrid 16-bit and 32-bit operating system based on MS-DOS.

Categories
General IT Tutorials

Creating a Windows Server 2012 Virtual Machine

Windows Server 2012 is the sixth release of Windows Server and succeeds Windows Server 2008 R2. At the time of writing, Windows Server 2012 R2 is the latest server operating system released by Microsoft, with Windows Server 2016 currently being available as a technical preview.

Categories
General IT Misc

Being a Great Playtester

A playtest involves playing through a game in order to find any bugs or design issues before the full release date. Playtesting involves various different stages and can be open or closed. In order to understand how playtesting can be useful, it is important to establish what makes a great playtester.

Categories
General IT Masters

Stages of an Incident Lifecycle

Forensic investigations normally take place within the framework of an incident and thus follow a common cycle of events. You suspect that an employee has found a way of intercepting emails from one of their colleagues. What would the incident lifecycle look like?