Privilege escalation.

Show Notes

You can’t do zero trust without Identity and Access Management (IAM). You can’t limit access by a need to know parameter unless you have a system of systems that can describe all the people and devices and code, what those things are authorized to connect to and even modify, and then a way to enforce the policy. Identity Governance and Administration (IGA) is the internal group of IT, security, and business leaders who define the policy. Privileged Identity Management (PIM) is the system that dynamically manages all the identities. Privileged Access Management (PAM) is the system that enforces the rules created by the IGA against the identities in the PIM.

For a complete reading list and even more information, check out Rick’s more detailed essay on the topic.

HOST(S):

Rick Howard is the CSO of N2K and the Chief Analyst, and Senior Fellow at the N2K Cyber, formerly CyberWire. His past lives include CSO at Palo Alto Networks, CISO at TASC, the GM at Verisign/iDefense, the Counterpane SOC Director, and the Commander of the Army's Computer Emergency Response Team (CERT). Rick served 25 years in the Army, taught computer science at West Point, edited two books and just published his own book, "Cybersecurity First Principles: A Reboot of Strategy and Tactics" and he is regularly joined at the N2K Cyber's Hash Table by a collection of industry experts.

Schedule: Mondays (in season)

Credits: Edited by John Petrik and executive produced by Peter Kilpe. Our theme song is by Blue Dot Sessions, remixed by the insanely talented Elliott Peltzman, who also does the show's mixing, sound, and original score

Creator: CyberWire, Inc.