White Papers
Compliance efforts and security concerns have
driven businesses to make substantial investments
in threat control. Too often, however, these
efforts pay far too little heed to the risks
posed by poorly controlled access to administrative
privilege in IT, which can have a hugely disproportionate
impact on the business.
High-privilege administrative accounts hold
the keys to gain access to the most sensitive
IT processes and proprietary data—yet this level
of access is far too often based on little more
than trust alone. In this whitepaper, Enterprise
Management Associates (EMA) examines this critical
issue in IT security administration in light
of the Symark approach to helping businesses
move from a trust-based system to a secure,
auditable process in order to provide a higher
standard of control and better support for regulatory
compliance.
Using PowerBroker to implement role-based access
control allows an organization to efficiently
deploy key security and compliance requirements
not always found in operating system (OS) RBAC
implementations, including separation of duties
and audit trails.
This white paper explores insider attacks and
insider risk, and shows how to control them
by controlling and monitoring access. The paper
describes the more common vulnerabilities exploited
by insider attacks and a method for assessing
insider risk.
This document explains how Symark PowerBroker
supports the Payment Card Industry Data Security
Standard (PCI DSS) by limiting and tracking
authorization to execute commands and programs
that access servers and applications storing
and using proprietary cardholder data. Symark PowerBroker
provides an auditable process that controls,
monitors and records that access.
This paper, written by SANS Organization analysts,
compares and contrasts the differences in features
and functionality between Symark PowerBroker
version 4.0 and the open source access control
product sudo.
This document discusses the use of PowerBroker
software to address some of the security and
audit problems inherent in native UNIX and Linux
operating systems.
Secure incoming telnet and rlogin sessions and
all outgoing user-initiated Internet activities.
This document addresses how an organization
can use Symark’s PowerBroker® and PowerPassword-UME®
identity and access management solutions (IAM)
for UNIX/Linux access security to meet and demonstrate
compliance with Sarbanes-Oxley (SOX) Sec 404
requirements for effectiveness of internal controls
for financial reporting requirements.
This guide offers tips on avoiding costly password
incidents and formulating new access control
policies. Data can be compromised by trusted
users who intentionally – or accidentally –
harm a system through sabotage or theft of proprietary
information. This guide aims to assist System
Administrators and security managers in establishing
controls and policies that protect the enterprise
from these threats.
This white paper explains why the design of
UNIX and Linux systems prevents them from passing
today's security and compliance audits, and
how Symark PowerBroker can bring these systems
into compliance with multiple mandates such
as PCI DSS (the Payment Card Industry Data Security
Standard), the Sarbanes-Oxley Act (SOX), the
Health Insurance Portability and Accountability
Act (HIPAA), and the Gramm-Leach-Bliley Act
(GLBA).
This paper explains how Symark PowerBroker supports
compliance with the Gramm-Leach-Bliley Financial
Services Modernization Act of 1999 (GLBA), protecting
consumers' non-public personal information (NPI)
on UNIX and Linux systems.
Bring your UNIX/Linux systems into compliance
with FDA Regulation 21 CFR Part II requirements.
This document addresses the use of Symark’s
PowerPassword, User Management Edition (UME)
and PowerBroker security software to meet HIPAA
requirements for stringent technical security
controls over patient data.
This document addresses the use of Symark PowerPassword®,
User Management Edition, Symark PowerBroker®,
and Symark PowerKeeper® to meet the requirements
of NIST Special Publication 800-53 for UNIX
and Linux systems.
This white paper explains the specialized security
PowerBroker and PowerPassword provide for UNIX/Linux
systems, and includes calculators that compute
payback, ROI, and automation savings at different
levels of investment for each product.
Safely delegate administrative privileges (including
ROOT) and implement secure logins and strong
passwords.
Symark solutions support FFIEC IS Control requirements.
This paper discusses best practices for privileged
account access management and privileged password
management (PPM), and shows how Symark’s PowerKeeper
user access control appliance creates a "defense
in depth" across the IT portfolio.
This document shows how Symark PowerKeeper,
a secure, hardened appliance that automates
privileged password management, supports PCI
DSS compliance by securing and auditing access
to the privileged accounts, systems, and network
devices that comprise the cardholder data environment.
This document explains how Symark PowerKeeper,
a hardened appliance that provides secure storage
and access for administrative passwords and
encryption keys and certificates, can help organizations
comply with the HIPAA Final Security Rule.
This white paper shows how PowerKeeper's security
features support GLBA compliance in today's
climate of more stringent enforcement.
This white paper explains PowerBroker functionality
by showing how the product addresses the NISPOM
security categories developed by the Defense
Security Service (DSS), which has industrial
security oversight and assistance responsibility
for the more than 11,000 cleared facilities
participating in the NISP.
This document describes how Symark PowerBroker®
and PowerPassword® support key requirements
specified in Army Regulation 25-2 for Information
Assurance (effective November 14, 2003).
This document describes Symark PowerPassword®
support for the BITS Master Security Checklist
(MSC).
This document describes Symark Software Support
for FIPS (Federal Information Processing Standards).
Symark's internal assessment of Common Criteria
compliance.
Symark solutions provide strong access control
to address key requirements defined in the Annex
for Section 9 Technical and Organizational Measures.
Strengthen internal controls and meet KonTraG
compliance.
This white paper addresses how IT organizations
at financial institutions can use Symark’s identity
and access management (IAM) solutions, PowerBroker®
and PowerPassword UME®, to help bring their heterogeneous
UNIX / Linux environment into compliance with
the Basel II requirements.
Securing UNIX/Linux Networks for Data Privacy
Protection Act Compliance with Symark PowerPassword®
and Symark PowerBroker®
"In my opinion, PowerBroker provides the
highest degree of controlled and audited superuser access in
the commercial marketplace today."
"Administrative passwords are the 'keys
to the kingdom', but securely and efficiently managing them
can be challenging."
"PowerPassword plays to all of the strengths
of using passwords for security by removing all of the weaknesses."
© 1985-2009 Symark International, Inc. All rights reserved.
