One of the key problems for enterprises (and governments) today is that it is difficult to figure out and manage security requirements. Once these so-called “enterprise security policies” are figured out, it is even harder to implement them technically so that they actually protect today’s complex, interconnected IT landscapes. There is a large gap between how human security professionals think about security policies and how technical systems implement them. This is especially true for access control policies, which lie at the heart of cybersecurity.
This whitepaper discusses the top 10 things you need to know about how to damage-control hacker pivots and insider leaks, both in enterprise IT and in the Internet of Things. To frame the discussion, the whitepaper first explains how hackers typically enter their target organization and then move laterally (“pivot”) on to valuable assets. It then explains how most organizations are overwhelmed, understaffed and/or underfunded when it comes to cybersecurity.