© 2014 The MITRE Corporation. All rights Reserved. Roger Westman Principal Information Security Engineer September 29, 2014 Authorization.

Presentation transcript:

© 2014 The MITRE Corporation. All rights Reserved.
Authorization in Action
Roger Westman, Principal Information Security Engineer
September 29, 2014
Approved for Public Release; Distribution Unlimited
The views, opinions and/or findings contained in this presentation are those of The MITRE Corporation and should not be construed as an official Government position, policy, or decision, unless designated by other documentation.

Purpose and Constraints
■ Purpose
– Provide lessons learned from our experience
■ Constraints
– This presentation reflects our operational experience
– Your environment may have different or additional needs

Evolution of Identity and Access Management (Our Viewpoint)

High Level Logical Architecture

Need Improved Technical Capabilities and Cultural Evolution
■ Content-aware, context-aware, and risk-aware decisions are intertwined
■ Risk Adaptive Access Control (RAdAC) is a good starting point; see NIST for more details
■ A key challenge: formal but agile organizational governance for lifecycle management of business-based, IT-implemented decision logic
– It’s an organizational governance challenge, more complex than the IT governance challenge
– Example policy: Allow user U to access (i.e., view but not download or modify)
  ■ If it is Data Y (but not Y1) from device A (but not A1) when the user is operating from environment B1 over network C (but not CX) when conditions 1 … N are satisfied
  ■ Deny any user access even if the above is true when in business operational mode M1
  ■ Allow access for user U7 even if the above is false when in business operational mode M0, M2, … MN
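The slide's example policy written out as executable decision logic, as an added example that is not part of the presentation; the request structure, the tag-set encoding of "Y but not Y1", and the precedence order (the M1 deny first, then the view-only scope, then the U7 override, then the attribute rule) are assumptions made here, while the placeholder names U, U7, Y, Y1, A, A1, B1, C, CX and M0..MN are the slide's own.

```python
from dataclasses import dataclass

# Placeholder names are the slide's own; the structure below is assumed.
DENY_ALL_MODE = "M1"       # "deny any user ... when in business operational mode M1"
OVERRIDE_USER = "U7"       # "allow access for user U7 ... in mode M0, M2, ... MN"
ACCESS_ACTIONS = {"view"}  # "access (i.e., view but not download or modify)"

@dataclass(frozen=True)
class Request:
    """One access request carrying the attributes the policy reasons over.
    Tag sets let a value be both a class and an excluded subclass at once:
    data tagged {"Y", "Y1"} is Y, but the Y1 kind of Y the rule excludes."""
    user: str
    action: str            # "view", "download" or "modify"
    data: frozenset        # content tags, e.g. {"Y"} or {"Y", "Y1"}
    device: frozenset      # device tags, e.g. {"A"} or {"A", "A1"}
    environment: str       # operating environment, e.g. "B1"
    network: frozenset     # network tags, e.g. {"C"} or {"C", "CX"}
    conditions: tuple      # outcomes of conditions 1 .. N
    mode: str              # business operational mode, e.g. "M0"

def context_rule_matches(req):
    """Content, context and risk clauses of the slide's first rule."""
    return (
        req.user == "U"
        and "Y" in req.data and "Y1" not in req.data
        and "A" in req.device and "A1" not in req.device
        and req.environment == "B1"
        and "C" in req.network and "CX" not in req.network
        and all(req.conditions)
    )

def decide(req):
    """Return (decision, reason). Precedence assumed here: the M1 deny is
    absolute, then the view-only scope, then the U7 override, then the
    attribute rule; anything that matches nothing is denied."""
    if req.mode == DENY_ALL_MODE:
        return ("Deny", "mode M1 denies every user")
    if req.action not in ACCESS_ACTIONS:
        return ("Deny", "policy grants view only, not " + req.action)
    if req.user == OVERRIDE_USER:
        return ("Permit", "U7 override applies in mode " + req.mode)
    if context_rule_matches(req):
        return ("Permit", "content, context and risk conditions satisfied")
    return ("Deny", "no rule grants access")

if __name__ == "__main__":  # constructed sample request, not from the slide
    sample = Request("U", "view", frozenset({"Y"}), frozenset({"A"}), "B1",
                     frozenset({"C"}), (True, True), "M0")
    print(decide(sample))  # ('Permit', 'content, context and risk conditions satisfied')
```

Each clause of the slide's policy maps to one line in `context_rule_matches` or one branch in `decide`, which is what makes the logic reviewable by the business owners who have to govern it.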

Best Practices
■ Partner with your internal stakeholders
– It is a team sport
■ Know your
– Stakeholders’ expectations and organizational culture
– Set of business access control policies
– Set of attributes/entitlements
– Business and technical dependencies
– Normal, degraded, and fail-safe modes of operation
■ Standardize and harmonize where practical
– Understanding, adopting, and/or developing the right standards and specifications
– Loose coupling and high internal cohesion are key principles
■ One size does not fit all
■ Enjoy the journey, because it never ends!

Contact Information and Questions
■ Roger Westman
Questions?