The zero trust maturity model is a Cybersecurity and Infrastructure Security Agency (CISA) initiative to help achieve a modern approach of zero trust through the implementation of five pillars with cross-cutting capabilities. The five pillars of zero-trust security are identity, device, network, application and workload and data.

Who’s responsible for regulating technological change in a democracy?

Have you ever thought about how and why passwords are cracked? This article introduces password cracking, focusing on common strategies and tools used by security professionals and malicious users. We also discuss the composition of secure passwords, and why certain approaches are more effective than others. Cracking passwords can be done very easily in certain situations. The time taken and likelihood to successfully crack a password often depends on the password strength.

While trust plays an important role in access management, not all types of trust are created equal. When it comes to access management, there are two types of trust to pay close attention to, implicit trust and explicit trust. Let’s go over what these types of trust are in access management and how they differentiate from one another.

The security concept known as “Privilege Creep” occurs when an individual accumulates access rights over time, retaining entry to systems and data beyond the completion of a specific task or the need for such access. This gradual accumulation of unnecessary privileges within an organization not only complicates the management of access rights but also magnifies the potential for security breaches, data theft and misuse of information.

Privileged Access Management (PAM) protects an organization’s most critical systems and accounts from unauthorized access, making it important to have a good PAM strategy in place. Some of the best practices to develop a good PAM strategy include implementing least privilege access, monitoring privileged accounts, adopting password security best practices, requiring multi-factor authentication and auditing privileges regularly.

This is the third in a series of four posts about shadow IT, including how and why teams use unapproved apps and devices, and approaches for securely managing it. For a complete overview of the topics discussed in this series, download Managing the unmanageable: How shadow IT exists across every team – and how to wrangle it.