Archive

Posts Tagged ‘IDC’

True or False: 70% of security incidents are due to insider threats?

November 10th, 2009 8 comments

security_new_schoolActually, the whole thread was originated with a message at discuss@securitymetrics.org “Request for ideas” by Dimitrios Stergiou. Dimitrios likes to have some recommendations for his master program. By a sudden idea, I dropped him a message to recommend him to work on this true or false problem at security metrics.

It’s true or false: 70% of security incidents are due to insider threats?
I just read one book, “The New School of Information Security”, by Adam Shostack, Andrew Stewart, Addison-Wesley, 2008, where I found one interesting argument by the authors. The authors doubt the statement that 70% of security incidents are due to insider threats. You know, many consultants and books, articles regard this statement as one basic hypothesis at security. What’s your idea about it?

Completely a surprise, I found Adam, Andew, Dan and many experts jumped in to this discussion thereafter. A lot of fresh ideas emerged at discussion threads. In order to get more experts into this topic, I submitted a discussion at SecurityMetrics group, LinkedIn.

This RSA/IDC report has some information related to this topic – Insider Risk Management: A Framework Approach to Internal Security(Thanks to Hammud).  It is a good reference. In summary it told us two things that: Read more…

Categories: -English-, Architect, Cloud, Security Tags: , , ,

[Chinese]漫谈IAM、AAA、AAAA

May 16th, 2006 1 comment

或许A在网络信息安全这个领域中有点神秘色彩,也有些特殊地位。Authentication, Authorization, Account, Accounting, Audit, Availability, Accountability, Administration, 很多A,每个A都在A的名义下定义了不同的功能。

最早Cisco路由器配置中的AAA Newmodel,其中的AAA是指:Authentication, Authorization, and Accounting. 功能很明确,先作用户认证,然后授权他可以在设备上面进行什么样的操作,最后,进行记帐。对,这里的Accounting,就是记帐,不是帐号。它帮助运营单位对网络流量和操作进行记帐。

IDC中AAA的分类,定义了AAA,这里的AAA与Cisco网络设备配置中的AAA有所不同,区别点在于第三个A,IDC的AAA的第三个A是指 Administration, 其实含义基本上是除了Authentication认证,Authorization授权,以及Anti-virus反病毒、Firewall防火墙、 IDS入侵检测系统(在2000年以前,似乎IDS和扫描器都在这第三个A中,后来IDS单独分类统计)。现在IDC重新定义了AAA,将其分成了两个区域,第一是IAM(Identity and Access Management),第二是SVM(Security Vulnerability Management)。参考下面的示意图,IAM中增加一个新内容,就是目录管理,SVM中也增加一点新内容,就是漏洞管理。漏洞扫描产品(scanners)本来也是属于IDC AAA中最后一个安全管理的内容,后来与IDS成为一个分支 ID&A,现在漏洞管理的名义下重新回到SVM下面。当然了,今天的漏洞管理在内涵上大大超出了原来的单纯的漏洞扫描。

而AAAA则是国内领先运营商在AAA/IAM基础上结合国内的实践提出的模型,它的全称应该是: Account, Authentication, Authorization, Audit,也反映了中国安全业界对于安全管理的思索和创新。

Categories: -Chinese-, Security Tags: , , , , , ,