Presentation is loading. Please wait.

Presentation is loading. Please wait.

Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007.

Published byPatrick Eaton Modified over 8 years ago

Similar presentations

Presentation on theme: "Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007."— Presentation transcript:

1 Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007

2 The Issue More sensitive & confidential data is being stored on-line We are under attack Securing the enterprise is expensive Security procedures can be counter- productive Management understanding & support is lacking

3 The Solution Assess and manage your risks Know your data Implement an IAM Program  Processes, technologies & policies  Managing digital identities  Controlling how identities grant access

4 Assess & Manage Risk What is likely to occur? What is the impact if it occurs? What mandates exist? How secure do we need to be? What should we do first? What resources do we have/need?

5 Know Your Data (classification) Understand applicable state & federal laws Follow best practices Form a cross-organizational team Draft your policy Run it by legal Gain approval Educate the organization

6 IAM Programs Drivers  Fear  Compliance  Improvement Challenges  Fragmentation  Funding  Balance

7 IAM Programs Success Factors  Return on Investment  Governance Technical  Areas to Address  Standards  Best Practices

8 Areas to Address ID administration & provisioning Host based access control Extranet access control Single sign on Biometric/strong authentication Web services access management Mainframe access control Monitoring and auditing

9 Standards LDAP  Lightweight Directory Access Protocol  Networking protocol for querying and modifying directory services  Running over TCP/IP SAML  Security assurance markup language  XML for IAM over the Web  Critical middleware solution for state and local governments

10 Best Practices Availability Authentication Integrity Confidentiality Non-repudiation Compliance

11 Getting Started Establish governance Allocate resources Designate a responsible party Prioritize needs Draft & distribute policies Review & modify business processes Plan a phased implementation Identify & deploy technology

12 The Next Step Merging physical and logical security  Consolidate responsibility  Example – smart card Electronically identifies a person Serves as a visual badge Grants access to facilities Part of 2 or 3 tier access to IT applications & data

13 Related Reading I Am Who I Say I AM  http://www.centerdigitalgov.com/publications.php http://www.centerdigitalgov.com/publications.php

14 Liza Lowery Massey The CIO Collaborative liza@ciocollaborative.com www.ciocollaborative.com 702-743-4634

Download ppt "Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007."

Similar presentations

Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World.

Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World.
How Identity and Access Management Can Help Your Institution Touch Its Toes Renee Woodten Frost Internet2 and University of Michigan Kevin Morooney The.

How Identity and Access Management Can Help Your Institution Touch Its Toes Renee Woodten Frost Internet2 and University of Michigan Kevin Morooney The.
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
E-Business Risks Chapter Seven. E-Business Models EDI Web pages The online environment Distributed e-business and intranets Supply chain linkage Collaborative.

E-Business Risks Chapter Seven. E-Business Models EDI Web pages The online environment Distributed e-business and intranets Supply chain linkage Collaborative.
The Value of IT Governance Liza Lowery Massey Montana Government IT Conference December 6, 2007.

The Value of IT Governance Liza Lowery Massey Montana Government IT Conference December 6, 2007.
Information Security Policies and Standards

Information Security Policies and Standards
OPM Cybersecurity Competencies by Occupation (Technical Competencies) 2210085508540391 Information Technology Management Series Electronics Engineering.

OPM Cybersecurity Competencies by Occupation (Technical Competencies) Information Technology Management Series Electronics Engineering.
Identity & Access Management DCS 861 Team2 Kirk M. Anne Carolyn Sher-Decaustis Kevin Kidder Joe Massi John Stewart.

Identity & Access Management DCS 861 Team2 Kirk M. Anne Carolyn Sher-Decaustis Kevin Kidder Joe Massi John Stewart.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.

Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.
Chapter 12 USING TECHNOLOGY TO ENHANCE BUSINESS PROCESSES.

Chapter 12 USING TECHNOLOGY TO ENHANCE BUSINESS PROCESSES.
Automated Policy Enforcement Adam Vincent, Layer 7 Federal Technical Director

Automated Policy Enforcement Adam Vincent, Layer 7 Federal Technical Director
Identity Management and PKI Credentialing at UTHSC-H Bill Weems Academic Technology University of Texas Health Science Center at Houston.

Identity Management and PKI Credentialing at UTHSC-H Bill Weems Academic Technology University of Texas Health Science Center at Houston.
Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.

Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.
Accessibility, Integrity, & Confidentiality: Security Challenges for E-Business Rodney J. Petersen University of Maryland & Educause/Internet2 Security.

Accessibility, Integrity, & Confidentiality: Security Challenges for E-Business Rodney J. Petersen University of Maryland & Educause/Internet2 Security.
© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Automates Infrastructure Outsourcing.

© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Automates Infrastructure Outsourcing.
Aegis Identity Software, Inc. presents Trends in Identity and Access Management in Higher Education to US Federations June 20, 2012 Janet Yarbrough – Director.

Aegis Identity Software, Inc. presents Trends in Identity and Access Management in Higher Education to US Federations June 20, 2012 Janet Yarbrough – Director.
Deploying a Certification Authority for Networks Security Prof. Dr. VICTOR-VALERIU PATRICIU Cdor.Prof. Dr. AUREL SERB Computer Engineering Department Military.

Deploying a Certification Authority for Networks Security Prof. Dr. VICTOR-VALERIU PATRICIU Cdor.Prof. Dr. AUREL SERB Computer Engineering Department Military.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam

Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam

Similar presentations

Ads by Google