Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007.

Slides:



Advertisements
Similar presentations
Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World.
Advertisements

How Identity and Access Management Can Help Your Institution Touch Its Toes Renee Woodten Frost Internet2 and University of Michigan Kevin Morooney The.
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
E-Business Risks Chapter Seven. E-Business Models EDI Web pages The online environment Distributed e-business and intranets Supply chain linkage Collaborative.
The Value of IT Governance Liza Lowery Massey Montana Government IT Conference December 6, 2007.
Information Security Policies and Standards
OPM Cybersecurity Competencies by Occupation (Technical Competencies) Information Technology Management Series Electronics Engineering.
Identity & Access Management DCS 861 Team2 Kirk M. Anne Carolyn Sher-Decaustis Kevin Kidder Joe Massi John Stewart.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.
Chapter 12 USING TECHNOLOGY TO ENHANCE BUSINESS PROCESSES.
Automated Policy Enforcement Adam Vincent, Layer 7 Federal Technical Director
Identity Management and PKI Credentialing at UTHSC-H Bill Weems Academic Technology University of Texas Health Science Center at Houston.
Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.
Accessibility, Integrity, & Confidentiality: Security Challenges for E-Business Rodney J. Petersen University of Maryland & Educause/Internet2 Security.
© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Automates Infrastructure Outsourcing.
Aegis Identity Software, Inc. presents Trends in Identity and Access Management in Higher Education to US Federations June 20, 2012 Janet Yarbrough – Director.
Deploying a Certification Authority for Networks Security Prof. Dr. VICTOR-VALERIU PATRICIU Cdor.Prof. Dr. AUREL SERB Computer Engineering Department Military.
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam
HIPAA COMPLIANCE WITH DELL
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
Federal Aviation Administration Federal Aviation Administration 1 Presentation to: Name: Date: Federal Aviation Administration AMHS Security Security Sub-Group.
1 Secure Commonwealth Panel Health and Medical Subpanel Debbie Condrey - Chief Information Officer Virginia Department of Health December 16, 2013 Virginia.
Web Services Igor Wasinski Olumide Asojo Scott Hannan.
X-Road – Estonian Interoperability Platform
1 EAP and EAI Alignment: FiXs Pilot Project December 14, 2005 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
CS480 Computer Science Seminar Introduction to Microsoft Solutions Framework (MSF)
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.
Mark Estberg, John Howie Senior Directors Microsoft Corporation SESSION CODE: SIA317.
U.S. Department of Agriculture eGovernment Program July 15, 2003 eAuthentication Initiative Pre-Implementation Status eGovernment Program.
Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin
U.S. Department of Agriculture eGovernment Program July 9, 2003 eAuthentication Initiative Update for the eGovernment Working Group eGovernment Program.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
State of e-Authentication in Higher Education August 20, 2004.
E-Authentication in Higher Education April 23, 2007.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Information Systems, Security, and e-Commerce* ACCT7320, Controllership C. Bailey *Ch in Controllership : The Work of the Managerial Accountant,
Energize Your Workflow! ©2006 Merge eMed. All Rights Reserved User Group Meeting “Energize Your Workflow” May 7-9, Security.
Policy, Standards, Guidelines. NSF draft Article for FATC supplement The awardee is responsible for all information technology (IT) systems security and.
1 PARCC Data Privacy & Security Policy December 2013.
Identity Management and Enterprise Single Sign-On (ESSO)
E-Authentication & Authorization Presentation to the EA2 Task Force March 6, 2007.
Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility Mike Memory.
University of Washington Collaboration: Identity and Access Management Lori Stevens University of Washington October 2007.
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Active Directory. Computers in organizations Computers are linked together for communication and sharing of resources There is always a need to administer.
Case Study: Applying Authentication Technologies as Part of a HIPAA Compliance Strategy.
E-Commerce E-Commerce Security?? Instructor: Safaa S.Y. Dalloul E-Business Level Try to be the Best.
Online Security Myths & Challenges HIGHER COLLEGES OF TECHNOLOGY Abeer Nijmeh Account Manager April 14, 2002.
Directory Services CS5493/7493. Directory Services Directory services represent a technological breakthrough by integrating into a single management tool:
Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.
THE UNIVERSITY OF GEORGIA Office of the Chief Information Officer Enterprise Information Technology Services Identity Management Brief Presentation to.
Advanced Planning Brief to Industry Jerry L. Davis DAS, Office of Information Security June 9, 2011.
L’Oreal USA RSA Access Manager and Federated Identity Manager Kick-Off Meeting March 21 st, 2011.
Identity and Access Management
Case studies on Authentication, Authorization and Audit in SOA Environments Dr. Srini Kankanahalli.
Identity and Access Management
Data and Applications Security Developments and Directions
Chapter 17 Risks, Security and Disaster Recovery
Module 8: Securing Network Traffic by Using IPSec and Certificates
Proposal to Create IAM Working Group
IS4680 Security Auditing for Compliance
Identity & Access Management
Module 8: Securing Network Traffic by Using IPSec and Certificates
PLANNING A SECURE BASELINE INSTALLATION
Hardware Sizing, Placement, & Capacity Planning
Unit # 1: Overview of the Course Dr. Bhavani Thuraisingham
Presentation transcript:

Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007

The Issue More sensitive & confidential data is being stored on-line We are under attack Securing the enterprise is expensive Security procedures can be counter- productive Management understanding & support is lacking

The Solution Assess and manage your risks Know your data Implement an IAM Program  Processes, technologies & policies  Managing digital identities  Controlling how identities grant access

Assess & Manage Risk What is likely to occur? What is the impact if it occurs? What mandates exist? How secure do we need to be? What should we do first? What resources do we have/need?

Know Your Data (classification) Understand applicable state & federal laws Follow best practices Form a cross-organizational team Draft your policy Run it by legal Gain approval Educate the organization

IAM Programs Drivers  Fear  Compliance  Improvement Challenges  Fragmentation  Funding  Balance

IAM Programs Success Factors  Return on Investment  Governance Technical  Areas to Address  Standards  Best Practices

Areas to Address ID administration & provisioning Host based access control Extranet access control Single sign on Biometric/strong authentication Web services access management Mainframe access control Monitoring and auditing

Standards LDAP  Lightweight Directory Access Protocol  Networking protocol for querying and modifying directory services  Running over TCP/IP SAML  Security assurance markup language  XML for IAM over the Web  Critical middleware solution for state and local governments

Best Practices Availability Authentication Integrity Confidentiality Non-repudiation Compliance

Getting Started Establish governance Allocate resources Designate a responsible party Prioritize needs Draft & distribute policies Review & modify business processes Plan a phased implementation Identify & deploy technology

The Next Step Merging physical and logical security  Consolidate responsibility  Example – smart card Electronically identifies a person Serves as a visual badge Grants access to facilities Part of 2 or 3 tier access to IT applications & data

Related Reading I Am Who I Say I AM 

Liza Lowery Massey The CIO Collaborative

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.