Published by Magdalen Lindsey. Modified over 9 years ago.

Chapter 8
© 2012 Pearson Education, Inc. Publishing as Prentice Hall

- Developing controls to prevent, detect, and/or correct harmful events
- Developing steps to identify & authenticate users, and authorize their access to types of information
- Key component for safe & secure delivery of online information & services

Registration or identification
- Answers “Who are you?” (e.g., username)
Authentication
- Answers “How do I know it’s you?” (e.g., passwords, biometrics, swipe card)
Authorization
- Answers “What are you allowed to do or see?” & validates that the user has the right to access specific resource(s)

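The three questions above, written as three separate checks so that each one can fail independently and each decision is recorded. This is an added example, not part of the original slides; the `Directory` class, the role names and the permission strings are hypothetical.

```python
import hashlib
import hmac
import os

# Constructed sample policy: role -> permissions (hypothetical names).
ROLE_PERMISSIONS = {
    "clerk": {"invoices:read"},
    "manager": {"invoices:read", "invoices:approve"},
}

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored credentials are not reusable if leaked.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class Directory:
    def __init__(self):
        self.users = {}   # username -> {"salt", "hash", "role"}
        self.audit = []   # (username, permission, decision) per request

    def register(self, username: str, password: str, role: str) -> None:
        salt = os.urandom(16)
        self.users[username] = {
            "salt": salt, "hash": hash_password(password, salt), "role": role,
        }

    def request(self, username: str, password: str, permission: str) -> str:
        decision = self._decide(username, password, permission)
        # The stage that failed goes to the audit trail. A caller-facing
        # error should not distinguish the first two outcomes, otherwise
        # it reveals which usernames exist.
        self.audit.append((username, permission, decision))
        return decision

    def _decide(self, username: str, password: str, permission: str) -> str:
        user = self.users.get(username)
        if user is None:                        # "Who are you?"
            return "unidentified"
        candidate = hash_password(password, user["salt"])
        if not hmac.compare_digest(candidate, user["hash"]):
            return "unauthenticated"            # "How do I know it's you?"
        if permission not in ROLE_PERMISSIONS.get(user["role"], set()):
            return "unauthorized"               # "What are you allowed to do?"
        return "granted"
```
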
- IDM Administration
- Information privacy
- Security
- Risk
- Regulatory compliance

IDM Administration
- Involves user (de)registration of IT systems and management of passwords
- Determines accessibility to types of systems & info
Information Privacy
- Practices to assure information protection

Security
- Practices to assure personal protection and corporate intellectual property
- It cannot prevent authorized users from using information inappropriately
Risk
- Based on assessment to individuals & organizations
- Needs linked to the level of risk involved

Regulatory compliance
- Organizations have legal responsibilities to identify and authenticate users of their data
- Organizations are legally required to review key transactions done by employees

- Effective IDM in collaboration with security means to balance organizational risk & flexibility needs
- Effective IDM helps businesses make better decisions as they become more mobile, global, digital & interconnected

Business needs that require strong IDM
- Support for a mobile and global workforce
- Speedier mergers and acquisitions
- Protection for massive amounts
- The ability to present a consolidated view of data
- Improved online customer service
- Increased collaboration
- Addressing complex external relationships

- Limited understanding of the business benefits of effective IDM
- No business benefits
- No funds available

A fragmented governance between
- IT
- HR
- The business
- Legal departments

- Current IDM practices & processes are often manual
- Security risks are increasing rapidly
- Number & type of devices not provided by the organization and number of remote users are increasing

1. Approach IDM holistically
2. Focus on business value
3. Adopt standards wherever possible
4. Develop a roadmap
5. Decouple IDM from applications, environments, and companies

Approach IDM holistically
- Should be an integrated part of the organization’s overall security framework, which consists of several layers.

IDM is Part of a Holistic Security Framework
- Compliance – demonstrate policy enforcement aligned to regulations, standards, laws and agreements.
- Identity and Access – provide controlled and secure access to information, applications and assets to both internal and external users.
- Information Security – protect and secure data and information assets.
- Application Security – continuously manage, monitor and audit access to applications.
- Infrastructure Security – comprehensively manage threats and vulnerabilities across networks, servers and end-points.
- Physical Security – monitor and control access to buildings and secure areas.

Focus on business value: IDM should be designed to:
- Help make effective business decisions
- Reduce cost of providing effective IDM
- Increase trust both internally and externally
- Support the development of electronic services and virtual work
- Enhance productivity and adherence to acceptable-use policies

Adopt standards wherever possible
- Should adhere to open standards in order to facilitate provisioning of cross-enterprise services (Smith 2008)

Develop a road map
- Helps with development of framework, policies & standards for IDM
- Helps with development of processes & infrastructure required to achieve IDM

Decouple IDM from applications, environments & companies
- So that IDM can be managed holistically.
- However, identities should also be made portable across systems, technical environments & devices

1. Identify IDM needs and set policy
2. Address IDM process and governance
3. Integrate IDM with architecture
4. Incorporate traceability and auditability

Identify IDM needs & set policy
- There is no standard list of identity attributes
- So organizations should develop their own acceptable internal & external authentication, IDM triggers & the level of access.

Address IDM process & governance:
- IDM processes need governance & business ownership of IDM so that the right decisions are made about how the flexibility versus risk trade-off is achieved
- IDM should be viewed as a life cycle to develop and manage an improved process.

The IDM Life Cycle
- Role-based Provisioning
- Consume
- Manage
- Monitor, Audit and Compliance
- Register/Modify/Deregister
- Authenticate/Authorize

Integrate IDM with architecture:
- Architecture group plans & designs how applications & infrastructure evolve
- Solve technical issues
- Poor system integration & lack of standards

Incorporate traceability & auditability
- Significant amount of time spent monitoring accounts, user activity & compliance reports
- Solution: automation of these processes & governance to incorporate them

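One form the automation described above can take is a scheduled access review that reconciles application accounts against the HR roster and the role-based entitlements. This is an added example, not part of the original slides; the roster, accounts, role names and entitlement strings are constructed sample data.

```python
# Constructed sample data; every name and entitlement is hypothetical.
ROLE_ENTITLEMENTS = {
    "clerk": {"erp:read"},
    "manager": {"erp:read", "erp:approve"},
}
HR_ROSTER = {  # authoritative source: who is employed and in which role
    "alice": "manager",
    "bob": "clerk",
}
ACCOUNTS = {  # what the application actually grants today
    "alice": {"erp:read", "erp:approve"},
    "bob": {"erp:read", "erp:approve"},  # more than the clerk role provides
    "carol": {"erp:read"},               # no longer on the roster
}

def review_access(roster, accounts, role_entitlements):
    """Return (user, finding, entitlements) tuples for a reviewer to act on."""
    findings = []
    for user in sorted(accounts):
        granted = accounts[user]
        role = roster.get(user)
        if role is None:
            # Deregistration was missed: the account outlived the identity.
            findings.append((user, "orphaned_account", sorted(granted)))
            continue
        excess = granted - role_entitlements.get(role, set())
        if excess:
            # Access beyond what role-based provisioning would have granted.
            findings.append((user, "excess_entitlement", sorted(excess)))
    for user in sorted(set(roster) - set(accounts)):
        # On the roster but never provisioned; registration did not complete.
        findings.append((user, "missing_account", []))
    return findings

if __name__ == "__main__":
    for finding in review_access(HR_ROSTER, ACCOUNTS, ROLE_ENTITLEMENTS):
        print(finding)
```
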
- IT managers must balance risks in becoming networked & opening their firewalls to clients with expected business value delivered
- Effective IDM initiatives must be articulated in business & technical terms
- Encourages business leader involvement in process