Cybersecurity Insurance Checklist - Meet Insurance Requirements with BeyondTrust PAM Download for Free

  • Partners
  • Support
  • Careers
  • English
    • Deutsch
    • français
    • español
    • 한국어
    • português
BeyondTrust
  • Products

    Privileged Password Management

    Discover, manage, audit, and monitor privileged accounts and credentials.

    • Password Safe
    • DevOps Secrets Safe
    • Privileged Access Discovery Application

    Endpoint Privilege Management

    Enforce least privilege across Windows, Mac, Linux, and Unix endpoints.

    • Windows and Mac
    • Unix and Linux
    • Active Directory Bridge

    Secure Remote Access

    Centrally manage remote access for service desks, vendors, and operators.

    • Remote Support
    • Privileged Remote Access
    • Privileged Access Discovery Application

    Cloud Security Management

    Automate the management of identities and assets across your multicloud footprint.

    • Cloud Privilege Broker

    BeyondInsight

    Experience the industry’s most innovative, comprehensive platform for privileged access management.

  • Solutions

    Use Cases

    • Cloud Security
    • Compliance
    • Cyber Insurance
    • Digital Transformation
    • Endpoint Security
    • Operational Technology
    • Ransomware
    • Service Desk Efficiency
    • Zero Trust

    Industry Applications

    • Financial Services
    • Government Agencies
    • Healthcare
    • Law Enforcement
    • Manufacturing
    • Schools & Universities

    Solutions

    The BeyondTrust Privileged Access Management portfolio is an integrated solution that provides visibility and control over all privileged accounts and users.

  • Resources

    Learn

    • Blog
    • Customer Stories
    • Competitor Comparisons
    • Datasheets
    • Demos
    • Glossary
    • Podcast
    • Whitepapers

    Attend

    • Events
    • Go Beyond
    • Training
    • Webinars

    Support

    • Changelog
    • Professional Services
    • Technical Documentation

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

  • Company
    • About
    • Leadership
    • Core Values
    • Partners
    • Careers
  • Watch Demo
  • Contact Sales

Enterprise Security and Risk Management

August 23, 2011

  • Blog
  • Archive
Searching the internet finds a plethora of definitions, services, products, solutions, and even training classes for Enterprise Security and Risk Management. The topic is so broad that almost every security vendor falls into this category. At the middle of almost all the definitions (excluding physical security theft) is the protection of an organizations most treasured resource: Information.

Corporate information can generally be divided into three categories:
  • Public: Accessible to everyone in the company. This is commonly displayed as an intranet bulletin board or even through Human Resources.
  • Sensitive: This data is sensitive to only the individuals, groups, and departments that need it. It is vast majority of data in an organization and is sensitive to the users that created it and need it for daily operations.
  • Confidential: This data contains everything from personal information, passwords, credit cards, and even company secrets (new products, employee salaries, etc.)
Confidential information is the most valuable to an organization and generally the target for an attack and extraction for illegal monetary gain. This information can come from a wide variety of computing resources as we move outward from the center of the diagram. Protecting servers and workstations is a mature discipline with plenty of tools and solutions to assess vulnerabilities, risk, and data. Other categories such as the proliferation smart phones and emergence of cloud computing represent untested security models for users, business transactions, and other physical devices that may interact with them. Attacks on these new technologies are currently challenging the traditional solutions for Enterprise Security and Risk Management. For example, my team and have been working with cloud providers and recently stood up some fresh images for a new project. After a few minutes of exposing the new image to the internet, it was infected. We did not even have a chance to load any management utilities or even perform a vulnerability assessment since the default image provided by the vendor had only service packs applied and did not contain any security updates since the last service pack was issued. From an enterprise security and risk management perspective, you would never stand up a new production server and make it available until it was fully patched, properly configured, and past quality assurance checks. So why would depending on a cloud resource be any different knowing that the vendor providing the image is not keeping it fully patched in the first please. Consider if you would let a rooted smart phone on your network as well. Both of these technologies have access to information, represent changes to the technology landscape, and can not be controlled with current documented and enforceable security procedures for enterprise security and risk management. The definition of enterprise security and risk management is incredibly diverse. As we introduce new technologies to increase efficiency, lower cost, make us competitive, and provide easier access to information, we potentially introduce new risks and attack vectors that can compromise our most confidential information. Current procedures and tools for these technologies are just emerging and will add another layer of security management to implement and manage. This does not need to be another vendor and with yet another solution. It can just be an expansion of the toolsets you have to meet current challenges or the introduction of one vendor to manage all of your unified vulnerability management needs. For more information on how eEye meets these needs, please click here. Our technology and solutions are addressing these emerging problems and can provide the relief and products your organization needs to safeguard your information.
Photograph of Morey J. Haber

Morey J. Haber, Chief Security Officer, BeyondTrust

Morey J. Haber is the Chief Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored three books: Privileged Attack Vectors, Asset Attack Vectors, and Identity Attack Vectors. He is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud based solutions and regularly consults for global periodicals and media. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition where he served as a Product Owner and Solutions Engineer since 2004. Prior to eEye, he was Beta Development Manager for Computer Associates, Inc. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

Cybersecurity Insurance Checklist

Whitepapers

Microsoft Vulnerabilities Report 2021

Whitepapers

Privileged Access Management: PAM Checklist

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support
  • Cloud Privilege Broker

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Podcast
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press
BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2022 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.