
What is it?

The information security discipline that establishes and manages the roles and access privileges of individual users, including humans and machines, within a computer network. Identity management is also known as identity and access management.

Why is it important?

Identity management lets companies control who (and what) may access information or digital assets, and how and when that access takes place. Identity management systems can enhance productivity as well as protect assets.

Why does a business professional need to know this?

Business professionals need to understand identity management because it is at the center of controlling access to digital assets. Access control requires you to authenticate the identity of people and computers. Identity management systems also help ensure that each user has only the privileges required for the job at hand and no more.

In today’s digital world, identity management is evolving. One important trend is federated identity management, in which an organization trusts authentication performed by another identity provider, so a user can reach services across multiple networks with one identity instead of a separate account and password on each. Single sign-on (SSO) is a related capability: once a user has authenticated, that single session grants access to multiple systems without re-entering credentials.

Beyond interoperability across platforms and networks, there are schemes that authenticate people using attributes other than user names and passwords. One example is biometrics, the use of human characteristics such as fingerprints for access control.

Successful identity management programs are clearly planned and aligned with the organization’s goals, and they weigh risks against potential business gains. After decades of planning, organizations are finally getting closer to having effective online identities that improve security.


About Evelyn de Souza


Evelyn de Souza is an advisor to privacy and data security startups and the Cloud Security Alliance. She consults with organizations across the technology spectrum. Evelyn was recognized by CloudNOW as one of the Top 10 Women in Cloud and in 2015 as a Silicon Valley Business Journal Woman of Influence.

Term: Identity Management

Email: e_desouza@yahoo.com

Website: cloudtweaks.com/author/evelyn

Twitter: @e_desouza

LinkedIn: linkedin.com/in/evelynd

What is it?

A combination of two or more dissimilar authentication modes, called factors (possession, knowledge, inherence, and sometimes location or behavior), that must be presented together as part of authenticating the identity of a person or device requesting access.

Why is it important?

When properly implemented, multi-factor authentication (MFA) makes it harder for someone to impersonate an authorized user, giving you a higher level of confidence about the identity of a person or entity attempting to access your system.

Why does a business professional need to know this?

Many data breaches start with the theft of user credentials. A survey at the 2017 Black Hat conference asked which of the following is most responsible for security breaches: humans, not enough security software, unpatched software, or other. Eighty-five percent (85%) of the hackers surveyed said humans(blackhat 2017).

When the same group was asked what the strongest barrier to stealing credentials was, sixty-eight percent (68%) said the combination of multi-factor authentication and data encryption.

Business professionals need to know about multi-factor authentication so they can adapt authentication to meet their needs while balancing expense with security.

Authentication factors include the following:

  • Possession: physical things such as key cards or a registered phone
  • Inherence: biometric factors such as fingerprints or iris scans
  • Knowledge: a password or PIN that the user knows

MFA happens when a combination of two or more of these methods is presented at the same time. What makes MFA more secure than single-factor authentication is that the odds of a hacker possessing two or more of the authentication factors at the same time are very low.

One factor alone is weak authentication. Cards can be cloned, passwords cracked, biometrics fooled, and smartphones stolen. The combination of two or more of the same factor (like two cards, two passwords, or two biometrics) is not true multi-factor authentication. While stronger than having only a single factor, combining two of the same factor is double single-factor authentication.

The first step to hacking into many networks is to bypass the logon authentication by stealing a legitimate user credential. Cybersecurity starts by first knowing who is knocking on the virtual front door. That knowing begins with multi-factor authentication.


About Dovell Bonnett


Dovell Bonnett has been creating computer security solutions for over 20 years. In 2005, he founded Access Smart to provide cyber-access control solutions to government and small-to-medium-sized businesses in areas such as healthcare. His premier product, Power LogOn, is a multi-factor authentication enterprise password manager.

Dovell is a frequent speaker and consultant on the topic of passwords, cybersecurity, and multi-factor authentication. His most recent book is Making Passwords Secure: How to Fix the Weakest Link in Cybersecurity.

Term: Multi-factor Authentication

Email: Dovell@access-smart.com

Website: access-smart.com

Twitter: @AccessSmart

LinkedIn: linkedin.com/in/accesssmart

Facebook: facebook.com/AccessSmart

What is it?

A subset of cybersecurity that protects networked devices, such as smartphones and medical equipment, that are usually accessed by an individual user or group.

Why is it important?

Endpoints are a common point of entry for breaches. Because there are so many connected devices of so many different types, endpoints are difficult to manage and to keep patched.


What is it?

The implementation of policies, practices, and technology to enable positive identification of people, devices, and applications.

Why is it important?

Understanding authentication is critical for establishing a secure environment because you must reliably know the identity of the people, devices, and applications accessing your resources in order to properly govern access and permissions.


What is it?

An attack that writes more data into a fixed-size buffer in a device or program than the buffer was allocated to hold, so that the excess spills into adjacent memory. By controlling what gets overwritten, an attacker can corrupt data, crash the program, or in the worst case run malicious code.

Why is it important?

If software is not properly patched or designed with secure coding principles from the start, these types of malicious attacks can cause great harm by allowing programs or external parties to access protected nodes or information.

Why does a business professional need to know this?

A buffer overflow can be explained by the old adage that you can’t put 10 pounds of potatoes in a 5-pound bag. When too much data is written to a buffer, it overwrites adjacent memory, corrupting whatever was stored there. The program or device can crash, or an attacker can place malicious code or a malicious address in the overwritten memory and try to get it executed.

Buffer overflows exploit defects in software, including firmware: typically a missing check that the input fits the buffer, in code written in languages such as C and C++ that do not enforce array bounds automatically. Defending against such attacks must therefore begin in the early design and coding stages of product development. Because a successful overflow can give attackers administrator privileges, damage databases, or steal data, mitigating the threat should have a high priority.

Correctly patching devices, including updating firmware on network equipment, is essential to protect against these attacks. When developing products, the best defense is to follow industry best practices for design, development, testing, and code review, and to build with the compiler and operating-system protections (stack canaries, non-executable memory, address space layout randomization) that make any overflow that survives review much harder to exploit. Reviewing a program or website for security vulnerabilities before it goes into production takes a few extra steps, but it saves money if it prevents your system from being exploited. An ounce of prevention is worth a pound of cure.
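The potato-bag adage above in code, as an added example that is not part of the original article: an eight-byte name buffer sits directly before a privilege flag, the vulnerable copy trusts the caller's length, and the hardened copy checks that length against the buffer size. The struct, the function names, and the twelve-byte payload are constructed for illustration; the vulnerable copy writes through the bytes of the enclosing struct so the demonstration stays well-defined C while keeping the defect (no bounds check) intact.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed record: an attacker-controlled buffer directly before a
 * privilege flag, the layout that makes an overflow dangerous. */
struct login_frame {
    char name[8];   /* fixed-size buffer filled from untrusted input */
    int  is_admin;  /* adjacent memory: clobbered if name overflows */
};

/* VULNERABLE: trusts the caller-supplied length instead of sizeof f->name.
 * In real code this is strcpy(f->name, src) or memcpy(f->name, src, len).
 * The bytes are written through the enclosing struct so the demo is
 * well-defined C, but the defect is the same: len is never checked. */
static void copy_name_unsafe(struct login_frame *f,
                             const unsigned char *src, size_t len)
{
    unsigned char *dst = (unsigned char *)f + offsetof(struct login_frame, name);
    for (size_t i = 0; i < len; i++)      /* no comparison of len with 8 */
        dst[i] = src[i];
}

/* HARDENED: refuse input that does not fit, keeping room for the NUL. */
static int copy_name_safe(struct login_frame *f,
                          const unsigned char *src, size_t len)
{
    if (len >= sizeof f->name)
        return -1;                        /* reject loudly, never truncate silently */
    memcpy(f->name, src, len);
    f->name[len] = '\0';
    return 0;
}

/* Constructed payload: 8 bytes fill name, 4 more spill into is_admin. */
static const unsigned char payload[12] = {
    'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 0x01, 0x01, 0x01, 0x01
};

/* is_admin after the unsafe copy: 0x01010101, set by no legitimate code path. */
int demo_overflow(void)
{
    struct login_frame f = { {0}, 0 };
    copy_name_unsafe(&f, payload, sizeof payload);
    return f.is_admin;
}

/* 1 if the hardened copy rejects the payload and leaves is_admin untouched. */
int demo_hardened_rejects(void)
{
    struct login_frame f = { {0}, 0 };
    int rc = copy_name_safe(&f, payload, sizeof payload);
    return rc == -1 && f.is_admin == 0;
}

/* 1 if the hardened copy accepts a name that fits and NUL-terminates it. */
int demo_hardened_accepts(void)
{
    struct login_frame f = { {0}, 0 };
    const unsigned char alice[] = "alice";
    int rc = copy_name_safe(&f, alice, 5);
    return rc == 0 && strcmp(f.name, "alice") == 0 && f.is_admin == 0;
}

int main(void)
{
    printf("unsafe copy: is_admin = 0x%08x\n", (unsigned)demo_overflow());
    printf("safe copy rejects oversized name: %d\n", demo_hardened_rejects());
    printf("safe copy accepts 'alice': %d\n", demo_hardened_accepts());
    return 0;
}
```

The flag flips from 0 to 0x01010101 without any code path that assigns it, which is exactly how an overflow turns a data-corruption bug into a privilege escalation; rejecting oversized input is preferred over silently truncating it, since truncation can still produce a name that passes later checks for the wrong reasons.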

A simple buffer overflow can take down a web page, a database server, a content management system, or a mail server. The recent Meltdown and Spectre vulnerabilities(Claburn 2017)(Newman 2018) are often mentioned alongside buffer overflows, but they are a different class of flaw: side channels in the speculative execution of Intel, AMD, and ARM processors that let a program read memory it should not be able to see. What they share with overflows is the lesson that memory-safety failures are not confined to application code, and the affected processors sit in a considerable number of computers and devices, including phones, tablets, laptops, and servers.


About Shawn Connelly


Shawn Connelly holds two master’s degrees, one in cybersecurity and information assurance and another in IT management. He holds his Certified Information Systems Security Professional (CISSP), Certified Chief Information Security Officer (CCISO), Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI), Cisco Certified Network Professional (CCNP), VMware Certified Professional (VCP), VCP-NSX, and six Microsoft Certified Solutions Expert (MCSE) certifications. Shawn has worked for more than 20 years in IT, including the last five years as a director of security.

Term: Buffer Overflow Attack

Email: shawnconnelly1@gmail.com

Twitter: @VirtualizationG

LinkedIn: linkedin.com/in/virtualizationg

What is it?

A targeted, long-running intrusion, and the malware that sustains it, whose purpose is not to damage an environment but rather to persist undetected and harvest data such as intellectual property or customer data.

Why is it important?

Advanced persistent threats are significant because they represent a different modus operandi for hackers, where persistence is key to the operation of the malware, and the objective is data theft.

Why does a business professional need to know this?

Advanced persistent threats (APT) are dangerous because they can remain undetected while harvesting critical customer or intellectual property data from the target organization. Depending on the type of data harvested, a company can suffer significant damage to its reputation and be exposed to serious legal consequences.

Most APTs are delivered by social-engineering mechanisms, such as targeted campaigns or spear phishing against an organization. Once a system has been compromised, the APT seeks not only to persist, but to discover, proliferate, elevate privileges, and remain undetected.

The ultimate goal is to extract targeted information from the victim in a manner that is difficult to detect by ordinary detection and incident response methods, generally using encryption to blend in as ordinary HTTPS traffic.

An APT can persist for months or, in extreme cases, years without detection, sending data to its command and control structure only when a certain set of criteria are met.

The techniques pioneered in APT campaigns now appear in other malware, such as remote access trojans (RAT) and, potentially more devastating, various forms of ransomware. At the root of each of these you can still find the original elements of an APT: encrypted command and control traffic, malware that is aware of sandboxes and other containment technologies, and better evasion techniques. These elements have made the APT playbook the current method of choice for cybercriminals.

Business professionals should ensure that their cybersecurity specialists understand the tactics, techniques, and procedures used in these intrusions and employ the detection methods required to find them(Fireeye).

References

  • (Fireeye) Anatomy of Advanced Persistent Threats: FireEye. Promotional content from FireEye cybersecurity software company that describes advanced persistent threat (APT) attacks and contains a link to a video that illustrates how APTs work.

About Paul Brager, Jr.


Paul Brager, Jr., M.Sci, Certified Information Systems Security Professional (CISSP), Global Industrial Cyber Security Professional (GICSP), Certified Information Security Manager (CISM), has been a contributing member of the cybersecurity community for over 20 years, specializing in security architecture, industrial cybersecurity, and digital forensics and incident response. He has extensive experience in the oil and gas, manufacturing, chemical, and telecommunications sectors, having held various leadership roles throughout his career.

Term: Advanced Persistent Threat

Email: professorbrager@outlook.com

Website: hiddencyberfigures.com

Twitter: @ProfBrager

LinkedIn: linkedin.com/in/professorbrager

What is it?

A network of computers that have been infected by a malicious software program -- a bot -- which turns them into zombie machines that can be remotely controlled by an attacker without the zombie machine owner’s knowledge.

Why is it important?

Cyber criminals use botnets, which can contain from 100 to over 100,000 zombies, as free resources to execute attacks. A botnet can execute Distributed Denial of Service (DDoS) attacks, store illegal content, and send spam, viruses, phishing email, and spyware.


What is it?

Malicious code that encrypts files on a computing device, enabling an attacker to demand a ransom from the legitimate owner to recover the encrypted data.

Why is it important?

Numerous high-profile ransomware cases – including the May 2017 WannaCry ransomware attack that struck at least 50 organizations(WannaCry 2017) – have occurred over the last several years, involving medical centers, police departments, and government organizations. These occurrences show the negative impact ransomware can have on an organization’s operations and finances.


What is it?

An attack in which an attacker, typically using email, attempts to trick a computer user into opening web links, entering personal information into a web form or fake website, or taking some other action that allows the attacker to obtain sensitive information. Spear phishing targets a specific individual or group of individuals using personal information about them.

Why is it important?

Phishing and spear phishing are among the most common ways for attackers to gain an initial foothold in an organization or to obtain sensitive data.


What is it?

A part of the internet that is intentionally hidden from standard browsers. It is accessible only through specialized software with an appropriate configuration or authorization. The dark web -- sometimes called darknet -- provides anonymous access to the internet for people who want to keep information about themselves hidden from view. It also provides anonymous hosting.

Why is it important?

Although the dark web is primarily known to the general public as a place where illegal activity takes place, its original intent was to provide a private environment. Any business that has a need for anonymous browsing or anonymous communication may find the dark web useful. Business professionals also need to know about the dark web because it is used for illegal activities, including storage of stolen information.
