Build an Identity Security Services Plan


1 Build an Identity Security Services Plan
Secure your weakest links: your users.
Info-Tech's products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns.
© Info-Tech Research Group

2 Info-Tech Research Group Helps IT Professionals To:
- Quickly get up to speed with new technologies
- Make the right technology purchasing decisions – fast
- Deliver critical IT projects, on time and within budget
- Manage business expectations
- Justify IT spending and prove the value of IT
- Train IT staff and effectively manage an IT department

Sign up for free trial membership to get practical solutions for your IT challenges

“Info-Tech helps me to be proactive instead of reactive – a cardinal rule in a stable and leading edge IT environment.” - ARCS Commercial Mortgage Co., LP

Toll Free:

3 Introduction
Organizations are too busy looking outwards for threats, neglecting to address the key internal threats that their users’ identities can pose.

This Research Is Designed For:
- Organizations with an upcoming audit that have not reviewed their user groups in over a year.
- Organizations that have experienced data theft due to a disgruntled former employee.
- Applications or infrastructure managers dealing with manual provisioning/deprovisioning processes that take too long and disrupt employee productivity.
- IT departments faced with a high volume of help desk tickets due to provisioning/deprovisioning, password administration, etc.

This Research Will Help You:
- Identify your users and what they can access.
- Determine whether their levels of access are appropriate.
- Identify ways to optimize your current identity management processes.
- Identify gaps in your identity management strategy.
- Create a roadmap of the top 10 controls you can implement to address these gaps.
- Decrease your overall help desk ticket volume and spend.

4 Executive Summary

Know your users
You cannot begin to manage your users until you know who they are. Make the process manageable by working in segments. Choose your top five applications/systems and work through those first to address the most critical areas. Establishing a process you can re-execute that allows you to understand who your users are will make this time-consuming process easier to complete each year.

Know their access
It’s likely you are not fully aware if all your users have the appropriate levels of access for their particular roles – creating serious risk. Now-defunct accounts, users with too much access, and other access-related issues can create increased help desk costs and headaches in the future.

Optimize and improve your identity management processes to cut costs
Your organization will have some identity management processes in place – the key is to optimize those processes before looking at new spend. Automating the provisioning/deprovisioning process, and looking into self-service for password changes will dramatically cut down on help desk ticket costs and time spent on fighting these fires.

5 Blueprint Table of Contents

Make the Case
- Why you should care.
- The cost of not caring.
- How Identity Security fits into your overall security portfolio.
- Track metrics to save money and streamline.
Outputs: Costs of not initiating identity mgmt. and metrics

Module 1: Identify users & what they can access
- Identify your user groups in your top 5 apps/systems.
- Identify owner in each app/system.
- Determine the sensitivity of data in each app/system.
- Prioritize which app/system to audit first based on overall sensitivity level.
Outputs: List of your critical apps and their critical user groups to audit first.

Module 2: Prepare to audit user access appropriateness
- Prepare to audit user access using User Access Appropriateness Audit Checklist.
- Initiate audit – focusing on top priority apps/systems.
- Continue manually auditing high-priority applications and systems (Repeat steps 2 and 3 for all apps/systems – high-priority or not).
- Communicate changes to end users.
Outputs: User Access Appropriateness Audit Checklist.

Module 3: Identify current identity management practices
- Identify technologies, policies, processes currently in place with the IAM Controls Analysis Tool
- Perform gap analysis with the IAM Controls Analysis Tool
- Optimize what you have
Outputs: IAM Controls Analysis Tool.

Module 4: Create implementation roadmap
- Identify your top 10 controls to apply to your identity mgmt. strategy with the IAM Controls Analysis Tool.
- Understand what each user group requires in terms of identity mgmt. controls.
- Develop an Identity and Access Management Policy.
Outputs: IAM Controls Analysis Tool – Top 10 Controls List, Identity and Access Management Policy.

6 You should care about your users because it can cost you if you don’t
Identity management is not just a backlog project to dig up whenever an audit is looming. It’s critical to your overall security plan.

It’s easy to think of identity management as just being concerned with your Active Directory, your internal users, and making sure Jim in accounting stops leaving vital passwords everywhere on Post-It notes. These are still essential components, but identity management is also about your privileged users, your remote users, and your external users.

The less time you spend properly managing and maintaining these accounts, the more open you are to attacks:
- A 2012 Deloitte-NASCIO study encouraged organizations to put an emphasis on user education because the number one cause of security breaches is user error.
- In 80 cases, actual malicious attacks committed by internal employees (who had been at the organization for under 32 months) resulted in a monetary impact of about $282,750 (Insider Threat Study).
- In 2009, a Data Breach Investigations Report by Verizon Business RISK showed that one-third of data breaches were due to “trusted business partners” like contractors or vendors – external users.

7 Identity security is a vital pillar of your security house
Network and Asset Security Services deal with your data and devices, and where they travel. They focus primarily on the perimeter, and on data flow internally as well as out of the organization – there is little focus on who is using that data. That’s where Identity Security Services comes in.

As part of a Defense-in-Depth strategy, an organization must protect its boundaries as much as possible and what data it allows out of its walls. But it is essential to protect the warm bodies within those walls from attacks on their identities, and from themselves (employee negligence is a reality – remember Jim from accounting and his Post-Its).

[Diagram: the security house]
- Mega Trend Mappings: Cloud, mobility, big data, consumerization/BYOX
- Advanced Persistent Threat Protection
- Security Analytics
- Network Security Services: NGFW, IDPS, Net DLP, NAC, etc.
- Asset Security Services: Data, Endpoints, Apps
- Identity Security Services: IdM, SSO, MFA, UP/DP, etc.
- Security Governance Services: Info. Risk Mgmt., InfoSec Compliance, Incident Response; Staffing, training, organization, policy, architecture

8 Also Available: Info-Tech’s Free Pilot Workshops
Book a workshop today! An Info-Tech project accelerator workshop will help you to engage your stakeholders, gather important data, make key decisions, and generate a customized project road map.

Here’s how it works:
- Enroll in a 2-5 day workshop for your project: Send an to or call Ext Your account manager will contact you and quote you the cost of the workshop.
- Book your workshop: A Workshop Coordinator will contact you to book a workshop planning call with one of our Facilitators and arrange dates for your workshop. We can hold the workshop in Info-Tech’s world-class facility in Toronto or at your location.
- Plan your workshop: A Workshop Facilitator will contact you to go over the workshop outline and choose the contents that are appropriate to your situation.
- Participate in your workshop: Our experienced Workshop Facilitators will take your project team through your tailored slides and exercises and will summarize all the workshop outputs into a final report.

Also Available: Info-Tech’s Free Pilot Workshops
Some of our workshops are available at no charge. We offer newly introduced blueprints as free pilot workshops to our clients during a short testing period. Each workshop is:
- Offered for free one time only.
- Available to all clients after testing, for a very reasonable price.

For a current list of free pilot workshops, please contact or see the Upcoming Research page on our website.

9 Guided Implementation points in the Identity Security Services project
Book a Guided Implementation Today: Info-Tech is just a phone call away and can assist you with your project. Our expert Analysts can guide you to successful project completion.

Here are the suggested Guided Implementation points in the Identity Security Services project:

Section 1: Determine application sensitivity, and key user and data groups
Provide information (spreadsheets, etc.) about your top 5 applications with access information on the four user groups (remote, internal, privileged – internal, and external). Identify critical user groups and prioritize.

Section 2: Prepare for user access appropriateness assessment
Using the prioritized list from GI-1, analysts will walk you through the User Access Appropriateness Assessment Checklist using one of your top data/systems. The analyst will discuss what you need to be aware of as you assess the access levels of your users.

This symbol signifies when you’ve reached a Guided Implementation point in your project. To enroll, send an to or call and ask for the Guided Implementation Coordinator.

10 Guided Implementation points in the Identity Security Services project
Section 3: Assess current process and identify gaps
Using the IAM Controls Analysis Tool, work through your top applications/systems and record current state information in the tool.

Section 4: Create identity management implementation roadmap
Once the top data systems' current state information is recorded in the tool, analysts will walk the client through the resulting dashboard, ending with the Prioritization Roadmap. The Roadmap will document the top 10 controls your organization needs to implement based on your data.

11 Module 1: Identify your users and what they can access
- Identify user groups in your top five applications/systems.
- Identify the owner in each application/system.
- Prioritize which application/system to audit first in Module 2 based on overall sensitivity level.

Project modules: Identify users & access; Prepare to audit user access; Identify current identity mgmt. practices; Create an implementation roadmap

