During ISSA 2017, Ulrich Lang, CEO/Founder of ObjectSecurity, will present: Make Access Control Great Again!
Infrastructure Access control means many things to many people. The least common denominator is user logins and roles. However, there is a lot (!) more to access control than that. Unfortunately, access control is among the most ill-understood, least developed aspects of cybersecurity. At the same time, controlling access to IT resources is the core underpinning of cybersecurity.
Over the years, both scientists and marketeers have come up with a myriad of concepts, acronyms and terms to describe different aspects of access control. Acronyms include MAC vs DAC, IBAC/AuthNBAC, RBAC, ABAC, PBAC, ZBAC/AuthZBAC, NAC/AppAC/OSAC/VMAC, HistBAC, NGAC, RAdAC, HBAC, CBAC, GraphBAC, BPMBAC, and many more. In addition, vendors use terms such as entitlement management, authorization management, micro segmentation, nano segmentation, VLANs, isolation, separation, and adaptive/dynamic authorization to describe their products.
On top of that, vendors talk about security automation/orchestration and security policy automation. Because this terminology soup keeps changing, it leaves security professionals mostly confused. Ulrich Lang’s presentation will cut through the fog and provide clarity about the reasons for, benefits of, and challenges of the various access control concepts.
Ulrich will peel off the marketing layer and categorize concepts according to pertinent characteristics such as granularity, assurance/verifiability, adoption, enforceability, and manageability. The audience will learn that once the acronyms and terms are peeled off, there are numerous underlying concepts that are critically important for security professionals to protect their organizations (including IIoT/IoE).