background preloader

数据安全

Facebook Twitter

Security information management. Security information management (SIM) is an industry term in related to information security referring to the collection of data (typically log files) into a central repository for trend analysis.[1] SIM products generally comprise of software agents running on the computer systems that are to be monitored, which then send the log information to a centralized server acting as a "security console".

Security information management

The console typically displays reports, charts, and graphs of that information, often in real time. Some software agents can incorporate local filters, to reduce and manipulate the data that they send to the server, although typically from a forensic point of view you would collect all audit and accounting logs to ensure you can recreate a security incident. The security console is monitored by a human being, who reviews the consolidated information, and takes action in response to any alerts issued.[2][3] Notable solutions in the SIM/SEM marketplace[5][6][7][edit] References[edit] See also[edit]

Single sign-on. Single sign-on (SSO) is a property of access control of multiple related, but independent software systems.

Single sign-on

With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them. Conversely, single sign-off is the property whereby a single action of signing out terminates access to multiple software systems. As different applications and resources support different authentication mechanisms, single sign-on must internally translate and store credentials for the different mechanisms, from the credential used for initial authentication. Benefits[edit] Benefits of using single sign-on include: Reducing password fatigue from different user name and password combinationsReducing time spent re-entering passwords for the same identityReducing IT costs due to lower number of IT help desk calls about passwordsIncreases security of third party accounts because long and complicated passwords can be set without needing to remember them.

Data Leakage Worldwide: Common Risks and Mistakes Employees Make. Executive Summary To understand the challenge that increasingly distributed and mobile businesses face in protecting sensitive information, Cisco commissioned third-party market research firm InsightExpress to conduct a study with employees and IT professionals around the world.

Data Leakage Worldwide: Common Risks and Mistakes Employees Make

As part of the study, surveys were conducted in 10 countries that Cisco selected because of the differences in their social and business cultures. In each country, 100 end users and 100 IT professionals were surveyed, producing a total of 2000 respondents. The research discovered that despite the security policies, procedures, and tools currently in place, employees around the world are engaging in risky behaviors that put corporate and personal data at risk. CASBs gaining momentum at RSA Conference 2016. SAN FRANCISCO -- The buzz around cloud access security brokers at RSA Conference 2016 has been so high that even top vendors with no cloud access security brokers (CASB) offering were talking up the space.

CASBs gaining momentum at RSA Conference 2016

A year after breaking out at RSA Conference 2015, cloud access security brokers have returned to dominate much of the cloud security conversation at this year's event. In addition to keynotes and panels featuring executives from leading CASBs such as Skyhigh Networks, Bitglass and Netskope, vendors such as Intel and Trend Micro also talked up the CASB market. Raj Samani, vice president and CTO of Intel Security EMEA, said during a panel discussion on cloud computing threats that CASBs address many of the security issues facing cloud and also provide a clear economic benefit for enterprises by allowing them to securely adopt low-cost cloud services. "I'm a really big fan of CASBs for a number of reasons," Samini said. CASB: Cloud security's bright spot Rob Wright asks: Comparing the best data loss prevention products. The best data loss prevention products offer vital protective measures to prevent an organization's sensitive information from being compromised and exposed.

Comparing the best data loss prevention products

While there are DLP products that offer a comprehensive soup-to-nuts suite to protecting data at rest, in motion or in use, at the other end of the product spectrum are DLP products that offer a more specialized form of data protection, such when DLP is integrated into other security products or when it is designed for specific applications, such as email or Web security. All of the products covered in this article are considered excellent choices for taking DLP measures. In it, we examine DLP offerings from Bluecoat, CodeGreen, Computer Associates, Intel Security (McAfee), Proofpoint, RSA, Symantec, Trend Micro, Trustwave and Websense to identify the best data loss prevention products for your organization. Comprehensive DLP suites When comparing these suites, keep in mind that scalability will vary.

CA Technologies DLP.