Key Considerations for Privileged Access ManagementA CISO Details Best Practices and Lessons Learned
Recent hacking incidents, including one targeting Twitter, are raising awareness of the importance of privileged access management, says David Boda, group head of information security for Camelot Group, operator of the U.K. National Lottery.
"Before tackling privileged access in an organization ... you first need to have solid foundations with good identity and access management," Boda says in an interview with Information Security Media Group. He also recommends implementing segregation of duties and using automated credential rotation or privileged session screen recording.
In the interview (see audio link below photo), Boda discusses;
- How to thwart breaches involving privileged access credentials;
- To what extent organizations should be monitoring privileged administrators;
- Strategies for reducing "technical debt."
Boda, who has 15 years of cybersecurity experience, is group head of information security for U.K.-based Camelot Group, where he's responsible for all aspects of information security, including the U.K. National Lottery operation. Previously, he served as head of cybersecurity at the U.K. Foreign & Commonwealth Office.