Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity, Management & Federation  Can you ever trust someone you don't manage?  John Arnold Chief Security Architect, Capgemini  Geoff Sweeney CTO,

Published byMerry Alexander Modified over 9 years ago

Similar presentations

Presentation on theme: "Identity, Management & Federation  Can you ever trust someone you don't manage?  John Arnold Chief Security Architect, Capgemini  Geoff Sweeney CTO,"— Presentation transcript:

1 Identity, Management & Federation  Can you ever trust someone you don't manage?  John Arnold Chief Security Architect, Capgemini  Geoff Sweeney CTO, Tier-3

2 © 2004 Capgemini - All rights reserved Xxx/yymmdd - Title of the presentation, Author / 2 Overview  Jericho Forum’s Trust Paper –What is trust –How can we manage trust in a de-perimeterised organisation?  Tier-3 Experience with monitoring outsourced back-office for a bank

3 Why should we care about Trust?  Modern IT security is largely about constraining behaviour against rules in a directory  Today, we are happy to maintain that directory manually  As organisations become more porous, so do their directories  Trust is a general framework for managing directories effectively

4 © 2004 Capgemini - All rights reserved Xxx/yymmdd - Title of the presentation, Author / 4 Why do I trust my employees  Employment is governed by a contract –Rules of behaviour laid out for both sides –System of rewards and penalties for desired and undesired behaviour  Employment is trusting and co-operative –Employee trusts employer to pay him in arrears –Employer trusts employee not to damage his interests –The legal system, and informal sanctions, punish non-co- operation

5 © 2004 Capgemini - All rights reserved Xxx/yymmdd - Title of the presentation, Author / 5 How do I trust non-employees?  I will trust people to perform a task if –They have the necessary resources and skills –They are well disposed towards me –I can hold them accountable  Any form of trust can be treated as a contract –The terms must be made clear –The performance of both sides must be monitored –An accountability mechanism is required to handle non- compliance

6 © 2004 Capgemini - All rights reserved Xxx/yymmdd - Title of the presentation, Author / 6 Generic Trust Model Contract Formation Contract Performance Contract Monitoring Service Catalogue ProvisioningUser Audit Shopping CartFulfilmentFraud Detection

7 © 2004 Capgemini - All rights reserved Xxx/yymmdd - Title of the presentation, Author / 7 Trust Continuum High TrustLow Trust Strict registration and reputation checking Basic registration Emphasis on accountability Emphasis on access control Long term relationshipShort term transaction

8 Background  International Bank  Off shoring opportunity based in India –Attractive cost proposal  Risk management concerns –IT Security major focus  Enforcement of contract terms –SLA monitoring –Regular reporting © 2004 Capgemini - All rights reserved Xxx/yymmdd - Title of the presentation, Author / 8

9 Key Challenges  No sure way to control outsourced environment  Detailed audit provisioning –Audit use of banking environment Network’s Operating environment Application layer –Control and monitoring of all connected devices  Real time response –Critical situation resolution © 2004 Capgemini - All rights reserved Xxx/yymmdd - Title of the presentation, Author / 9

10 Audit Analysis  Record all network activity –VPN handoff Real time connected asset view Anomalous communications Use of bank assets –Operating system layer Account logon/off File access –Applications layer Database access (query level) Mainframe use © 2004 Capgemini - All rights reserved Xxx/yymmdd - Title of the presentation, Author / 10

11 Ongoing Process  Compliance statement –Management reporting  Real time monitoring –Investigation and threat prioritisation  Regular reporting back to outsourcer –Anomalous and inappropriate activity SLA implications Commercial resolution © 2004 Capgemini - All rights reserved Xxx/yymmdd - Title of the presentation, Author / 11

12 Benefits  Monitoring makes up for difficulties with access control  Allows organisations to build up trust  Modern technology allows audit analysis to be performed in real time  Allows participants, and 3 rd parties, to gain confidence in each other  Makes new types of de-perimeterised business partnerships viable

Download ppt "Identity, Management & Federation  Can you ever trust someone you don't manage?  John Arnold Chief Security Architect, Capgemini  Geoff Sweeney CTO,"

Similar presentations

SKILLS SUMMIT November 2012 Warwick Quinn. Topics Today What is the Construction Safety Council? CSC Strategic Plan Current Initiatives Competency framework.

SKILLS SUMMIT November 2012 Warwick Quinn. Topics Today What is the Construction Safety Council? CSC Strategic Plan Current Initiatives Competency framework.
STRATEGIC PLANNING FOR Post-Clearance Audit (PCA)

STRATEGIC PLANNING FOR Post-Clearance Audit (PCA)
BalaBit Shell Control Box

BalaBit Shell Control Box
AFM INTERNAL AUDIT NETWORK MEETING MUTUAL ONE GROVE PARK, LEICESTER Current ‘Hot Topics’ in Information Security Governance Auditing David Tattersall 03.

AFM INTERNAL AUDIT NETWORK MEETING MUTUAL ONE GROVE PARK, LEICESTER Current ‘Hot Topics’ in Information Security Governance Auditing David Tattersall 03.
Identity Federation Rules and Process Linda Elliott President, PingID Network Electronic Authentication Partnership Washington, DC February 12, 2004.

Identity Federation Rules and Process Linda Elliott President, PingID Network Electronic Authentication Partnership Washington, DC February 12, 2004.
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
1 The Development of Corporate Governance in Hong Kong Paul M Y Chow Chief Executive Hong Kong Exchanges and Clearing Limited Presented at the AIA Luncheon,

1 The Development of Corporate Governance in Hong Kong Paul M Y Chow Chief Executive Hong Kong Exchanges and Clearing Limited Presented at the AIA Luncheon,
Professional Behaviour

Professional Behaviour
5 Things Every Trustee Should Know/Do 1.Responsibilities 2.Governing Document 3.Prudent Control 4.Strategic Leadership 5.Challenge 6.Evaluation.

5 Things Every Trustee Should Know/Do 1.Responsibilities 2.Governing Document 3.Prudent Control 4.Strategic Leadership 5.Challenge 6.Evaluation.
Collaboration Oriented Architecture COA Position Paper An Overview Adrian Seccombe Board of Management, Jericho Forum ® CISO & Snr Enterprise Information.

Collaboration Oriented Architecture COA Position Paper An Overview Adrian Seccombe Board of Management, Jericho Forum ® CISO & Snr Enterprise Information.
1 Question 5 : Are they well led? Supporting staff Temporary Staffing MAST Staff Appraisals.

1 Question 5 : Are they well led? Supporting staff Temporary Staffing MAST Staff Appraisals.
WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.

WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.
The Australian/New Zealand Standard on Risk Management

The Australian/New Zealand Standard on Risk Management
Computers: Tools for an Information Age

Computers: Tools for an Information Age
© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.

© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.
Management of Health & Safety Joe McNicholas July 2000.

Management of Health & Safety Joe McNicholas July 2000.
The University of California Strengthening Business Practices: The Language of Our Control Environment Dan Sampson Assistant Vice President Financial Services.

The University of California Strengthening Business Practices: The Language of Our Control Environment Dan Sampson Assistant Vice President Financial Services.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Tips and Tricks for CFO’s Global Expansion Alliance Webinar John Galvin, June 2 2015.

Tips and Tricks for CFO’s Global Expansion Alliance Webinar John Galvin, June
Cloud Computing Stuart Dillon-Roberts. “In the simplest terms, cloud computing means storing & accessing data & programs over the Internet instead of.

Cloud Computing Stuart Dillon-Roberts. “In the simplest terms, cloud computing means storing & accessing data & programs over the Internet instead of.

Similar presentations

Ads by Google