Home → Magazine Archive → January 2015 (Vol. 58, No. 1) → Internal Access Controls → Abstract

Internal Access Controls

By Geetanjali Sampemane

Communications of the ACM, Vol. 58 No. 1, Pages 62-65

[article image]

back to top 

Every day seems to bring news of another dramatic and high-profile security incident, whether it is the discovery of longstanding vulnerabilities in widely used software such as OpenSSL or Bash, or celebrity photographs stolen and publicized. There seems to be an infinite supply of zero-day vulnerabilities and powerful state-sponsored attackers. In the face of such threats, is it even worth trying to protect your systems and data? What can systems security designers and administrators do?

While these threats are very real, they are not the biggest ones faced by most organizations. Most organizations do not face targeted attacks from hostile governments or criminals intent on stealing users' data; their systems are more likely to be unavailable because of ill-timed software updates or misconfiguration.2,34


No entries found