Skip to main content

ICAM and Zero Trust

Zero Trust remains one of the key buzzwords in cybersecurity, and virtually every article, briefing, or marketing slick about zero trust talks about the importance of implementing multi-factor authentication (MFA). Single factor passwords have been asserted to be “broken” for years, with documented proof that attackers are able to successfully hack passwords regardless of complexity, length, and change frequency.

Continue reading

What is Cybersecurity?

The world relies on technology more than ever before. As a result, digital data creation has surged. Today, businesses and governments store a great deal of that data on computers and transmit it across networks to other computers. Devices and their underlying systems have vulnerabilities that, when exploited, undermine the health and objectives of an organization. 

Continue reading

Trust and Federation

Federation has worked well on social media – users link their accounts together and use a single username and password to access. Federation has also worked for government employees - their Personal Identity Verification (PIV) cards are accepted for many cross-agency uses. But even after significant investment of federation to support citizen interactions with the government, federated citizen credentials are still out of reach.        

Continue reading

Identity

NIST Special Publication 800-63B Digital Identity Guidelines

NIST Special Publication 800-63B Digital Identity Guidelines, Authentication and Lifecycle Management includes choices of authenticators that may be used at various Authenticator Assurance Levels (AALs) for use by the US Federal Government.  Authenticators are used to authenticate a user to a resource’s access control mechanism.  Examples of authenticators include credit cards with chips, US Federal Government Personal Identity Verification (PIV) cards and DoD Common Access Cards (CACs). 

Continue reading

Computer Motherboard

The Return of ROCA

The Return of Coppersmith’s Attack (ROCA) is a recently discovered vulnerability in a cryptographic library used in some Infineon Technologies AG chips. It enables an attacker to practicably determine an RSA private key given an RSA public key. Quantum computers, while still in their infancy, will one day be capable of finding private keys like those used in RSA and other asymmetric cryptographic algorithms.

Continue reading

Computer Information

Why is ICAM So Important?

Today, information is being produced by and shared with billions of people and machines and around the world. Much of this environment is filled with information that owners are willing to share with others. But much proprietary and private information is not being so freely shared – and for good reason.

Continue reading

Secret Link