11.2.2017 - Initiating Steps On The Path To GDPR Compliance

If you are reading this you have heard of the General Data Protection Regulation (GDPR) and are concerned whether it applies to you. Since it applies to all European Union citizens, no matter where they are located in the world, it is very likely that it does. The question of enforceability, especially if you don’t have an EU presence, is a different issue. But most multi-national companies are following the requirements down to their supply chain, so if you are not compliant, you may find business opportunities drying up. The first step to compliance is to understand your data. You need to do an exercise called data mapping. Data mapping for GDPR is not the same as matching up database schemas. It is more like a data inventory, and it is a fundamental requirement for your privacy compliance strategy. How can you protect something if you don’t know that you have it? In data mapping, you act as a journalist, analyzing your data flows and answering the five W’s of reporting: Who, What, Where, When, and Why. Data mapping can benefit your business in other ways too, such as identifying key data sources, eliminating duplicate data stores, and consolidating data for smarter use. The healthcare industry went through similar efforts fifteen years ago with the advent of HIPAA. ...

10.3.2017 - Protecting Critical Infrastructure from Cyber Threats

As a society, we depend on the internet more than ever. All of the systems that enable us to function today, from electricity and transportation to banking, rely on digital infrastructure. It is absolutely crucial that we protect our critical infrastructure from cyber threats. Without adequate security, malicious hackers could cause traffic accidents, hijack phone calls and even interfere with the water supply. While the idea of hackers completely taking over our way of life is a frightening one, the good news is that there are very gifted people on the other side consistently developing ways to thwart these cybercriminals. What are some of the state-of-the-art ways to safeguard our critical infrastructure from these dangers? For risk managers who are in charge of protecting these systems, preparation is key. Networks must have redundancies so that if systems are crashed by hackers, isolated backups can jump into their place. Systems must be resilient enough to spot threats in real time, alert the system manager and take immediate self-protective action. The best way we currently know to protect infrastructure is to make sure these redundancy and resiliency measures are in place and to test and revise them frequently. Hackers are constantly attempting different and more effective ways of invading these systems. Elements of a comprehensive safety plan include: ...

09.4.2017 - Cybersecurity Threats Your Employees Should Know About

Cybersecurity is a bigger concern than ever before, both for corporations and individuals. Hackers have a wide variety of tools at their disposal to help them access private data that belongs to your company or clients. It’s important to be aware of the major areas of susceptibility in order to safeguard the vital information that exists in your company’s network, and it’s important to make sure your employees are aware as well. Here are breach points you and your employees should watch out for: ...

09.1.2017 - Top 5 Road-Blocks Migrating To A Cloud Identity and SSO Solution

In discussions with our customers and prospects, almost all of them share common road-blocks that prevent many organizations from fully embracing a cloud identity management/SSO solution. Here we will address 5 of the more common road-blocks and how Optimal IdM has helped clients meet and exceed their security, regulatory, and enterprise architecture needs. ...

05.31.2017 - Using IAM Tools To Cut The Costs of a Data Breach

What is the cost of a data breach? In the case of Yahoo! CEO Marissa Mayer, who accepted the consequences of the 2013/2014 Yahoo data breach in 2016, the answer was at least $2 million, the amount of the annual bonus she lost because of the breach. She also gave up her annual equity grant for 2017, which could have been worth millions more. However, it probably cost Yahoo!, its partners and its users a lot more than that. What happened and what could have been done to prevent these types of breaches? The data breach in question actually refers to two major data breaches, one in 2013 and one in 2014, affecting an estimated 1 billion plus Yahoo! users and resulting in more than 40 class-action lawsuits from Yahoo! customers. Not only did the attackers hack hundreds of millions of user accounts for their information, but they also created bogus cookies in 2015 and 2016 to allow access to more than 30 million accounts without a password. Experts investigating noted that Yahoo! information security had knowledge of the attacks around the time they were happening, but failed to act appropriately. The company’s general counsel, Ron Bell, resigned without severance in the wake of this situation. ...
