Identity Management Requires Defense in Depth, Much Like Enterprise Security
I could not agree more with Scott Waddell's blog entry on depth of security. It’s only a matter of time before today super powered cyber criminals find ways to take advantage of the inherent weaknesses in even the best technologies, '2 factor' have been hacked, username and password is not enough... you can google for yourself the stories.
Today’s cyber criminals are so tech savvy and innovative that staying one step ahead of them isn’t always possible. So when it comes to network security, a good defense should be made up of several different layers. That way, even if a hacker is able to exploit vulnerability in one layer of the system, he may be stopped or slowed down by another. This strategy, known as defense in depth, essentially allows organizations to protect the integrity of their systems by slowing hackers down and buying security professionals the time they need to respond to a security breach once it has occurred. This mitigates the damage that malicious hackers can do, even if they are able to make it past initial barriers.
The same basic principle of creating a more comprehensive defense by layering tools and diversifying methods can be applied to fighting online fraud. To successfully combat online fraud, a fraud management system should include the layers of defence including multi-factor identity authentication.
I agree wholehearteldy with Scott that the best offensive against cyber crime today is a multi-layered defense.
http://blog.iovation.com/2010/02/19/fraud-management-requires-defense-in-depth/#more-1580
No comments:
Post a Comment