NYCDOE Division of Instructional and Information Technology Oren Hamami Chief Information Security Officer New York City Department of Education.
Agenda
  General Approach
  Detailed Analysis
  Example: Provisioning
  Special Cases
  Next Steps

New York City Department of Education | Division of Instructional and Information Technology | November 2009

General Approach: The Matrix

The single most important step in creating the roadmap is defining, and getting agreement on, the scope:
  What types of users will be served by this program?
  With what services will these users be provided?
The answers to these two questions are then arranged to form a matrix, with columns representing user types and rows identifying services.

General Approach: The Users

Columns in the NYCDOE matrix:
  Employees
  Partners
  Students
  Parents
  School Apps
  Web Services

General Approach: The Services

Rows in the NYCDOE matrix:
  Provisioning - Users
  Provisioning - Entitlements
  Provisioning - Self-Service
  Authentication - Single Source
  Authentication - Externalized
  Authentication - Single Sign-On
  Authorization - Web Apps
  Authorization - Web Services

Detailed Analysis: The Cells

For each cell in the matrix, the following components were identified:
  Solution, and product or prospective vendors
  Maturity (0 to 5, where 0 is not yet decided and 5 is enterprise-wide deployment)
  Projects depending on the solution
  Timeframes driven by those projects
  Potential obstacles to implementation

Example: Provisioning - Users

Employees
  Solution: Autoprovisioning
  Product: IBM Tivoli Identity Manager
  Maturity: 4
  Projects: All
  Timeframe: Now
  Obstacles: All employee accounts are already created through this process, though several areas for optimization have been identified.

Partners
  Solution: Autoprovisioning
  Product: IBM Tivoli Identity Manager
  Maturity: 3
  Projects: SESIS
  Timeframe: May 2010
  Obstacles: Partners need to be added to a system of record before they can be provisioned.

Students
  Solution: Autoprovisioning
  Product: IBM Tivoli Identity Manager
  Maturity: 1
  Projects: Student
  Timeframe: Sept 2010
  Obstacles: Licenses would need to be purchased. The only student provisioning being done right now is manual.

Parents
  Solution: Autoprovisioning
  Product: IBM Tivoli Identity Manager
  Maturity: 1
  Projects: Parent
  Timeframe: Sept 2010
  Obstacles: Licenses would need to be purchased. The only parent provisioning being done right now is manual.

Example: Provisioning - Entitlements

Employees
  Solution: Role-Based Access Control
  Product: IBM Tivoli Identity Manager
  Maturity: 2
  Projects: SESIS
  Timeframe: May 2010
  Obstacles: Requires thorough business analysis of the entitlement assignment process and approval workflows.

Partners
  Solution: Role-Based Access Control
  Product: IBM Tivoli Identity Manager
  Maturity: 2
  Projects: SESIS
  Timeframe: May 2010
  Obstacles: Partner role assignment is subject to the same business analysis requirements as employees, in addition to lacking systems of record.

Students
  Solution: Role-Based Access Control
  Product: IBM Tivoli Identity Manager
  Maturity: 1
  Projects: Student
  Timeframe: Sept 2010
  Obstacles: Licenses would need to be purchased. Scalability might become a factor depending on the number of roles. Policy decisions are needed on what entitlements students get and who can assign them.

Parents
  Solution: None
  Product: N/A
  Maturity: N/A
  Projects: None
  Timeframe: N/A
  Obstacles: Parents typically have only one role, and entitlement provisioning is expected to occur as part of user provisioning.
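The two provisioning rows above describe one pipeline: an account is created only for an identity that exists in a system of record, roles are derived from that record, entitlements follow from roles, and some entitlements must pass an approval workflow rather than being auto-granted. The following is an added illustration of that model, not code from the NYCDOE program or from IBM Tivoli Identity Manager; the feeds, role names, entitlement names and the "approval required" set are all constructed for the example. It also shows the reconciliation step the slides imply but do not spell out: when a record changes or disappears, the entitlements a role no longer justifies are the ones to revoke.

```python
"""Illustrative system-of-record-driven provisioning with role-based
entitlements. All data and names are constructed for this example."""
from dataclasses import dataclass, field

# Constructed systems of record: an HR feed for employees, a partner
# registry, and a student information system for students and parents.
SYSTEMS_OF_RECORD = {
    "employee": {
        "E1001": {"title": "Teacher", "school": "X001"},
        "E1002": {"title": "Principal", "school": "X001"},
    },
    "partner": {"P2001": {"org": "Evaluation Vendor A", "contract": "SESIS"}},
    "student": {"S3001": {"school": "X001", "grade": 9}},
    "parent": {"R4001": {"students": ["S3001"]}},
}

# RBAC policy (assumed): role -> entitlements. Parents carry a single role,
# so their entitlements are assigned during user provisioning.
ROLE_ENTITLEMENTS = {
    "teacher": {"email", "sesis:read", "gradebook"},
    "principal": {"email", "sesis:read", "sesis:approve", "gradebook"},
    "partner-evaluator": {"sesis:read"},
    "student": {"email", "lms"},
    "parent": {"parent-portal"},
}

# Entitlements that only an approval workflow may grant (assumed set).
APPROVAL_REQUIRED = {"sesis:approve"}


class ProvisioningError(Exception):
    """Raised when an identity cannot be provisioned safely."""


@dataclass
class Account:
    uid: str
    user_type: str
    roles: set = field(default_factory=set)
    granted: set = field(default_factory=set)
    pending_approval: set = field(default_factory=set)


def derive_roles(user_type, record):
    """Map system-of-record attributes to roles. This is where the business
    analysis the slides call out has to be encoded."""
    if user_type == "employee":
        return {record["title"].lower()}
    if user_type == "partner":
        return {"partner-evaluator"} if record.get("contract") == "SESIS" else set()
    return {user_type}  # students and parents each carry exactly one role


def provision(user_type, uid):
    """Create an account only for identities present in a system of record."""
    record = SYSTEMS_OF_RECORD.get(user_type, {}).get(uid)
    if record is None:
        raise ProvisioningError(f"{user_type} {uid}: no system-of-record entry")
    roles = derive_roles(user_type, record)
    unknown = roles - set(ROLE_ENTITLEMENTS)
    if unknown:
        raise ProvisioningError(f"{uid}: no entitlement policy for {sorted(unknown)}")
    account = Account(uid, user_type, roles)
    for role in roles:
        for ent in ROLE_ENTITLEMENTS[role]:
            # High-impact entitlements are queued for approval, never auto-granted.
            bucket = account.pending_approval if ent in APPROVAL_REQUIRED else account.granted
            bucket.add(ent)
    return account


def reconcile(account):
    """Return the entitlements (granted or pending) that the current
    system-of-record entry no longer justifies, i.e. what to revoke or cancel.
    A missing record means the whole account should be deprovisioned."""
    record = SYSTEMS_OF_RECORD.get(account.user_type, {}).get(account.uid)
    held = account.granted | account.pending_approval
    if record is None:
        return set(held)
    allowed = set()
    for role in derive_roles(account.user_type, record):
        allowed |= ROLE_ENTITLEMENTS.get(role, set())
    return held - allowed


if __name__ == "__main__":
    print(provision("employee", "E1002"))
    try:
        provision("partner", "P9999")  # not in any system of record
    except ProvisioningError as exc:
        print("blocked:", exc)
```

The refusal in `provision` is the point of the "system of record" obstacle on the Partners cell: an autoprovisioning flow that accepts identities from nowhere is just a self-registration form with extra steps. `reconcile` is the other half of RBAC; without it, entitlements accumulate as titles change and the role model stops describing who actually has access.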

Special Cases

These scenarios fall within the context of identity and access management but, because they focus on applications rather than people, do not necessarily fit the access model applied to individual users.

School-Based Applications
  Constrained by scale
  Public user directory (the higher-education model)
  Virtual directory

Web Services
  A separate category of technology
  Publication to the internet
  Authentication (SAML)
  Authorization (XACML)
  Transactional security (signing, encryption)

Next Steps

  Select solutions and products to complete the matrix
  Gain agreement on, and approval for, the complete matrix
  Break each solution into components to be phased
  Develop a phased timeline based on project dependencies
  Identify funding requirements and sources
  Obtain funding and resources where necessary
  Implement!

Remember that the roadmap is a living document. Be prepared to revise it as phases complete and requirements evolve.

Questions & Roundtable Discussion