Tag: security policy

  • Elastic Permissions

    Over the past two years my colleagues and friends have heard me talk about Elastic Permissions, and at some point I started hearing other people mention the term (yay for planting the seeds through consistently using a new term…). So I figured – for the sake of clarity, let’s put this out there for posterity.…

  • Two Frameworks For Securing A Decentralized Enterprise

    This post was originally published on Forbes Many modern enterprises no longer operate in a highly centralized manner. Traditionally, cybersecurity in enterprise environments consisted of defining trust boundaries, placing controls over these boundaries, setting standards and policies for the safe and secure handling of data, enforcing said policies and scrutinizing any code/applications that were developed…

  • Basic is great

    Encouraged by the response to my last post (https://www.iamit.org/blog/2018/06/the-ian-amit-spectrum-of-pentesting-efficacy/ for those who missed it), and following up on a couple of recent Twitter/LinkedIn/WhatsApp conversations, I’d like to emphasize the importance of doing basic and simple work (in security, but it probably also applies to everything else). We are working in a weird industry. The industry…

  • the art of not thinking about elephants

    Approaching risk management should be done in the most holistic manner, this means that EVERY aspect of information flow should be taken into account. This article describes how a red-team test managed to exfiltrate data out of a closed/non-connected network using innovative thinking.

  • Identity crisis

    Here’s a common question I get asked a lot: “What technology should I use to secure my server/network/[some technology]?” The question is usually presented by someone who’s in charge of “Security” in an organization. Now, I wouldn’t have had a problem with this if this was a technician, or a pen-tester of sorts, but I…