NetIQ Secure Configuration Manager - White Papers
|
|
|
 |
Featured White Papers |
| Jun 15, 2011 |
Build Security Into Your Network’s DNA: The Zero Trust Network Architecture This report is a deep dive into a potential way in which you could use the concepts of the Zero Trust Model and conceivably implement them in a real-world environment. One of our goals with Zero Trust is to optimize the security architectures and technologies for future flexibility. As we move toward a data-centric world with shifting threats and perimeters, we look at new network designs that integrate connectivity, transport, and security around potentially toxic data. We call this “designing from the inside out.” If we begin to do all those things ogether we can have a much more strategic infrastructure. If we look at everything from a data-centric perspective, we can design networks from the inside out and make them more efficient, more elegant, simpler, and more cost-effective. |
| Jun 2, 2011 |
No More Chewy Centers: Introducing the Zero Trust Model of Information Security There’s an old saying in information security: “We want our network to be like an M&M, with a hard crunchy outside and a soft chewy center.” For a generation of information security professionals, this was the motto we grew up with. It was a motto based on trust and the assumption that malicious individuals wouldn’t get past the “hard crunchy outside.” In today’s new threat landscape, this is no longer an effective way of enforcing security. Once an attacker gets past the shell, he has access to all the resources in our network. We’ve built strong perimeters, but well-organized cybercriminals have recruited insiders and developed new attack methods that easily pierce our current security protections. To confront these new threats, information security professionals must eliminate the soft chewy center by making security ubiquitous throughout the network, not just at the perimeter. To help security professionals do this effectively, Forrester has developed a new model for information security, called Zero Trust. This report, the first in a series, will introduce the necessity and key concepts of the Zero Trust Model. |
| Apr 9, 2010 |
This white paper discusses the challenges of meeting PCI DSS compliance, as well as the ways in which organizations can leverage that work to provide better security, more easily meet future compliance requirements, and create operational efficiencies within their IT organization. |
| Apr 3, 2009 |
A Practical Approach to Automated Compliance Assessment and Remediation In this white paper we demonstrate how to manage necessary exceptions with a closed-loop and automated process; reduce the cost of these exceptions with automation; correlate security events with detected changes in configurations for improved security; and automate entitlement reporting review and approval. |
| Feb 12, 2009 |
Driving Down Security and Compliance Costs: Learning from the Federal Government This white paper will examine the FDCC standard, and how businesses and non-Federal government organizations can learn from the experience of implementing FDCC in order to reduce costs and improve efficiency. |
| Jul 2, 2008 |
This white paper will examine some of the opportunities, challenges, and solutions to accelerate security maturity and operational efficiencies, as well as the three most important considerations when defining these processes. |
| Apr 13, 2008 |
This paper discusses the challenges introduced to systems management as the result of VMware. In addition, it describes NetIQ’s approach to Operational VMware Management, an approach that addresses the hybrid physical / virtual environment. |
| Aug 6, 2007 |
NetIQ solutions can help you establish and ensure the requirements of PCI DSS v1.1 are met on a continuing basis. In this white paper you will learn more about the key challenges of PCI DSS v1.1 and how NetIQ Security Management, Configuration Control and Enterprise Administration solutions help you demonstrate PCI compliance. |
| Apr 5, 2007 |
What Healthcare Organizations Need to Know about HIPAA, Minors and Privacy Industry compliance expert Rebecca Herold discusses HIPAA’s specific requirements related to handling the protected health information (PHI) for minors and for the types of access that can be allowed to this information, even to parents and guardians. She also discusses the importance for organizations to know what is expected for compliance, document their decisions, and implement appropriate systems, applications, and procedures to support those decisions. |
| Apr 5, 2007 |
The Business Leader’s Primer for Incorporating Privacy and Security into the SDLC Process Industry compliance expert Rebecca Herold discusses the importance for business leaders throughout the enterprise to understand the system development life cycle (SDLC) and how decisions made can impact, negatively or positively, the entire business. Incorporating information security and privacy considerations and activities from the very start of the SDLC will not only result in more secure and compliant applications and systems but also help the business by being less expensive and more effective than trying to band-aid information security and privacy onto the final application or system. |
| Sept 11, 2006 |
When you entrust business partners with your company’s confidential data, you are placing all control of security measures for your organization’s data completely into their hands. That trust cannot be blind. Many recent security incidents have resulted from inadequate security practices within outsourced organizations handling another company’s customer or employee data. |
Apr 8, 2011 |
In this white paper, we will examine some of the challenges that modern organizations face in their efforts to develop and adapt a compliance program to solve today’s needs and support new requirements in the future. |
| Aug 22, 2008 |
In this white paper, we will discuss protecting critical hosts and their associated data by controlling and auditing system configurations, monitoring and managing user activity and controlling change. We will then discuss the next logical step, the integration and automation of these processes to enhance security of the critical data, improve incident response times and provide a consistent, repeatable and cost effective remediation process. |
| Mar 3, 2008 |
This whitepaper provides background and information on the Federal Desktop Core Configuration that was mandated by the Office of Management and Budget on March 22, 2007. It is intended for those individuals who are tasked with implementing the Federal Desktop Core Configuration or for those who are overseeing the implementation. |
| Feb 25, 2008 |
This whitepaper describes the drivers for better IT security auditing, the problems with current approaches and how to leverage NetIQ Secure Configuration Manager to automate IT security audits on key distributed platforms. |
| Jan 28, 2008 |
This whitepaper describes an effective approach for IT compliance – NetIQ’s compliance and risk management methodology – and how to leverage NetIQ’s methodology and solutions to consistently achieve better results. |
| Aug 15, 2007 |
This document lists each PCI security audit requirement, followed by the appropriate NetIQ products and a brief description of how each product addresses that requirement. |
| May 23, 2007 |
Rebecca Herold speaks with Chris Pick, Vice President of Corporate Strategy, and Wayne Crane, CIO, from NetIQ about a wide range of compliance issues, and what—from their perspectives and based on their experiences—they believe businesses need to know about the whole concept of compliance. |
| Apr 5, 2007 |
Industry compliance expert Rebecca Herold reviews the history of legislation aimed at better protecting personal information, the challenges to passing such bills into law and the benefits and detriments of such laws. She also discusses the benefits of being proactive about preventing personal information breaches. |
| Apr 5, 2007 |
Industry compliance expert Rebecca Herold discusses the importance of establishing a formal Information Security Management System and looks at how BS7799-2 specifically outlines and details the implementation and documentation requirements for an ISMS. |
| Apr 5, 2007 |
Many laws and regulations exist throughout the world that require specific retention time periods and associated safeguards for a wide range of data types. Organizations need to be aware of these data retention requirements and plan to meet the compliance challenges. |
| Mar 15, 2007 |
Industry compliance expert Rebecca Herold and Christopher Grille provide a very helpful checklist addressing outsourcing and partnering security and privacy considerations. It details what you must know about your business partner’s information security and privacy program and discusses how you can demonstrate to regulators that you are in compliance when someone else possesses your data. |
| Mar 6, 2007 |
Using NetIQ Secure Configuration Manager for Unix Assessments NetIQ Secure Configuration Manager helps you protect your IT infrastructure and meet compliance requirements in the IT controls areas of entitlement reporting and segregation of duties. This holds across many different platforms, none more important than Unix and Linux. |
| Feb 13, 2007 |
NetIQ Secure Configuration Manager – Built for the Enterprise This document describes the architecture, features and other aspects of NetIQ NetIQ Secure Configuration Manager that ensure it is capable of supporting large scale enterprises (ones with tens of thousands of managed servers). |
| Jan 25, 2007 |
Significantly fewer United States-based organizations are pursuing formal ISMS certification than in many other countries. In this article, I share my discussions with 10 chief information security officers (CISOs) from U.S.-based organizations about whether they are going to pursue ISMS certification and why. I also share the feedback given to me from a U.S.-based ISMS certification preparer group. |
| Oct 20, 2006 |
The Business Need for Information Security and Privacy Education Authored by information security expert Rebecca Herold, this whitepaper can help you protect the confidentiality, availability, and integrity of sensitive data. Discover how to prevent mistakes and actions based upon lack of knowledge, prevent deliberate fraud and disruption, and determine the needs of different groups and target training accordingly. |
| Sept 11, 2006 |
Businesses must always be vigilant about data security, particularly in the global information-based economy. Businesses are dependent upon information technology (IT). The risks that are an inherent part of IT make it necessary for IT leaders and IT personnel to know the data protection laws and regulations more than ever before. It is with this knowledge that they can incorporate information security and privacy within all the IT processes, throughout the entire systems development life cycle (SDLC). |
| Aug 10, 2006 |
This white paper explores some of these privacy concerns and what is going on in the world with regard to protecting personal information. It will then go over the challenges that face organizations and what they need to do to protect the privacy of information wherever it is in the world as well as the appropriate actions organizations must take to meet legal and contractual requirements. |
| Jul 27, 2006 |
Do Compliance Requirements Help or Hurt Information Security Seven seasoned information security and privacy professionals to get their opinions about whether regulatory compliance requirements help or hurt information security initiatives. |
| Jan 16, 2006 |
This white paper takes a close look at the aspects of Unified Compliance that can be addressed with NetIQ solutions. With NetIQ, companies can implement and manage controls that make compliance programs sustainable and repeatable, while gaining visibility into sources of vulnerability and risk exposure. |
| Jan 1, 2006 |
This guide describes many of the greatest security challenges the largest NetIQ federal sector customers are addressing. |
| Dec 1, 2005 |
This white paper presents the Top 10 IT Compliance Reports that can help organizations address their compliance and risk management requirements, as well as how and where NetIQ’s Knowledge-Based Service Assurance solutions can aid in creating an automated infrastructure to repeatedly and easily create those reports. |
| Dec 14, 2004 |
From Project to Process: Policy-Based Vulnerability Management Battling a constant barrage of worms, viruses and attacks on enterprise systems, IT and security administrators are seeking more efficient and effective ways to protect information assets. Vulnerability management is a critical but very challenging discipline. Unfortunately, many organizations rely on ineffective reactive approaches, treating vulnerability management as distinct, infrequent projects and failing to establish meaningful metrics with which to manage it as a process. NetIQ supports a more holistic, policy-based vulnerability management approach. This white paper describes how NetIQ policy-based solutions establish a more effective, mature vulnerability management capability. |
