Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.


1 Chapter 20

2 It is about: Developing controls to prevent, detect, or correct harmful events. Developing steps to identify and authenticate users, as well as to authorize their access to types of information.

3 IDM is a key component for the safe and secure delivery of online information and services.

4 Registration or identification: It answers the question “Who are you?” (e.g., username).
Authentication: It answers the question “How do I know it’s you?” (e.g., passwords, biometrics, swipe card).
Authorization: It answers the question “What are you allowed to do or see?” and validates that the user has the right to access a specific resource.

5 IDM Administration
Information privacy
Security
Risk
Regulatory compliance

6 IDM Administration: Involves user (de)registration of IT systems and management of passwords. It determines the accessibility to types of systems and information.

7 Information Privacy: Involves the organizational practices to assure protection of information.

8 Security: Involves the organizational practices to assure protection of not only personal data but also of corporate intellectual property. However, it cannot prevent authorized users from using information inappropriately.

9 Risk: IDM practices should be based on an assessment of the risk involved to both individuals and organizations. IDM needs should also be linked to the level of risk involved.

10 Regulatory compliance: Organizations have legal responsibilities to identify and authenticate users of their data. Organizations are legally required to review key transactions done by employees.

11 Effective IDM in collaboration with security is the means to balance organizational risk and flexibility needs. Effective IDM helps businesses to make better decisions as they become more mobile, global, digital, and interconnected.

12 Business needs that require strong IDM:
Support for a mobile and global workforce
Speedier mergers and acquisitions
Protection for massive amounts
The ability to present a consolidated view of data
Improved online customer service
Increased collaboration
Addressing complex external relationships

13 Limited understanding of the business benefits of effective IDM
No business benefits
No funds available

14 A fragmented governance between:
IT
HR
The business
Legal departments

15 Current IDM practices and processes are often manual. Security risks are increasing rapidly. The number and type of devices not provided by the organization and the number of remote users are increasing.

16 Approach IDM holistically
Focus on business value
Adopt standards wherever possible
Develop a roadmap
Decouple IDM from applications, environments, and companies

17 Approach IDM holistically: IDM should be an integrated part of an organization’s overall security framework that consists of several layers.

18 IDM is Part of a Holistic Security Framework
Compliance – demonstrate policy enforcement aligned to regulations, standards, laws and agreements.
Identity and Access – provide controlled and secure access to information, applications and assets to both internal and external users.
Information Security – protect and secure data and information assets.
Application Security – continuously manage, monitor and audit access to applications.
Infrastructure Security – comprehensively manage threats and vulnerabilities across networks, servers and end-points.
Physical Security – monitor and control access to buildings and secure areas.

19 Focus on business value: IDM should be designed to:
Help make effective business decisions
Reduce cost of providing effective IDM
Increase trust both internally and externally
Support the development of electronic services and virtual work
Enhance productivity and adherence to acceptable-use policies

20 Adopt standards wherever possible: Enterprise IDM should adhere to open standards in order to facilitate provisioning of cross-enterprise services (Smith 2008).

21 Develop a road map: Helps with the development of framework, policies, and standards for IDM as well as with the development of processes and infrastructure required to achieve IDM.

22 Decouple IDM from applications, environments, and companies: So that IDM can be managed holistically. However, it should also make identities portable across systems, technical environments and devices.

23 Identify IDM needs and set policy
Address IDM process and governance
Integrate IDM with architecture
Incorporate traceability and auditability

24 Identify IDM needs and set policy: There is no standard list of identity attributes, so organizations should develop their own acceptable internal and external authentication, IDM triggers, and the level of access.

25 Address IDM process and governance: IDM processes need governance and business ownership of IDM so that the right decisions can be made about how to achieve the flexibility:risk trade-off. IDM should be viewed as a life cycle to develop and manage an improved process.

26 The IDM Life Cycle (figure labels): Role-based Provisioning; Consume; Manage; Monitor, Audit and Compliance; Register/Modify/Deregister; Authenticate/Authorize

27 Integrate IDM with architecture:
Architecture group: plans and designs how applications and infrastructure will evolve.
Solve technical issues: poor system integration and a lack of standards.

28 Incorporate traceability and auditability: A significant amount of time is spent on monitoring accounts, user activity, and compliance reports.
Solution: automation of these processes and governance to incorporate them.

29 IT managers must balance the risks in becoming networked and opening their firewalls to clients with the expected business value delivered. Effective IDM initiatives must be articulated in both business and technical terms. This encourages business leaders to be involved in the process.
