Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2014 The MITRE Corporation. All rights Reserved. Roger Westman Principal Information Security Engineer September 29, 2014 Authorization.

Published byBryan Dickerson Modified over 8 years ago

Similar presentations

Presentation on theme: "© 2014 The MITRE Corporation. All rights Reserved. Roger Westman Principal Information Security Engineer September 29, 2014 Authorization."— Presentation transcript:

1 © 2014 The MITRE Corporation. All rights Reserved. Roger Westman Principal Information Security Engineer rwestman@mitre.org September 29, 2014 Authorization in Action Approved for Public Release; Distribution Unlimited 14-3233 The views, opinions and/or findings contained in this presentation are those of The MITRE Corporation and should not be construed as an official Government position, policy, or decision, unless designated by other documentation.

2 © 2014 The MITRE Corporation. All rights Reserved. Purpose and Constraints ■Purpose –Provide lessons learned from our experience ■Constraints –This presentation reflects our operational experience –Your environment may have different or additional needs 2

3 © 2014 The MITRE Corporation. All rights Reserved. Evolution of Identity and Access Management (Our Viewpoint) 3

4 © 2014 The MITRE Corporation. All rights Reserved. High Level Logical Architecture 4

5 © 2014 The MITRE Corporation. All rights Reserved. Need Improved Technical Capabilities and Cultural Evolution ■Content Aware, Context Aware, and Risk Aware Decisions are intertwined ■Risk Adaptive Access Control (RAdAC) is a good starting point See NIST for more details ■A Key Challenge: Formal but agile organization governance for lifecycle management for business based and IT implemented decision logic –It’s an organizational governance challenge, more complex than the IT governance challenge –Example policy: Allow user U to access (i.e., view but not download or modify) ■If it is Data Y (but not Y1) from device A (but not A1) when the user is operating from environment B1 over network C (but not CX) when conditions 1 … N are satisfied ■Deny any user access even if above is true when in business operational mode M1 ■Allow access for user U7 even if above is false when in business operational mode M0, M2, … MN 5

6 © 2014 The MITRE Corporation. All rights Reserved. Best Practices ■Partner with your internal stakeholders –It is a team sport ■Know your –Stakeholders’ expectations and organizational culture –Set of business access control policies –Set of attributes/entitlements –Business and Technical dependencies –Normal, level of degradation, and fail safes modes of operation ■Standardize and harmonize where practical –Understanding, adopting, and/or developing the right standards and specifications –Loose coupling, high internal cohesion are key principles ■One size does not fit all ■Enjoy the journey because it never ends! 6

7 © 2014 The MITRE Corporation. All rights Reserved. Contact Information and Questions ■Roger Westman –rwestman@mitre.org 7 ?

Download ppt "© 2014 The MITRE Corporation. All rights Reserved. Roger Westman Principal Information Security Engineer September 29, 2014 Authorization."

Similar presentations

Connected Health Framework

Connected Health Framework
Rational Unified Process®

Rational Unified Process®
Institute for Cyber Security

Institute for Cyber Security
ONS Research Data Access Strategy AGENDA Background and context Confidentiality The Strategy.

ONS Research Data Access Strategy AGENDA Background and context Confidentiality The Strategy.
Building an Operational Enterprise Architecture and Service Oriented Architecture Best Practices Presented by: Ajay Budhraja Copyright 2006 Ajay Budhraja,

Building an Operational Enterprise Architecture and Service Oriented Architecture Best Practices Presented by: Ajay Budhraja Copyright 2006 Ajay Budhraja,
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Systems Engineering in a System of Systems Context

Systems Engineering in a System of Systems Context
© 2010 The MITRE Corporation. All rights reserved. SWIM Architecture Alternatives Duncan Thomson 6 May 2010 The contents of this material reflect the views.

© 2010 The MITRE Corporation. All rights reserved. SWIM Architecture Alternatives Duncan Thomson 6 May 2010 The contents of this material reflect the views.
1 For System Administrators INFORMATION INFORMATION SYSTEM SECURITY INFORMATION INFORMATION SYSTEM SECURITY.

1 For System Administrators INFORMATION INFORMATION SYSTEM SECURITY INFORMATION INFORMATION SYSTEM SECURITY.
© 2009 The MITRE Corporation. All rights Reserved. April 28, 2009 MITRE Public Release Statement Case Number 09-017 Norman F. Brickman, Roger.

© 2009 The MITRE Corporation. All rights Reserved. April 28, 2009 MITRE Public Release Statement Case Number Norman F. Brickman, Roger.
© Siemens AG 2001 Software & Systems Architectures - Mobile Computing Proposed Research Topics Cooperation between Siemens and UCB March 27, 2001 Visit.

© Siemens AG 2001 Software & Systems Architectures - Mobile Computing Proposed Research Topics Cooperation between Siemens and UCB March 27, 2001 Visit.
Chapter 6 Database Design

Chapter 6 Database Design
Analysis Stage (Phase I) The goal: understanding the customer's requirements for a software system. n involves technical staff working with customers n.

Analysis Stage (Phase I) The goal: understanding the customer's requirements for a software system. n involves technical staff working with customers n.
MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan1 Systems Design, Implementation, Maintenance, and Review Chapter 13.

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan1 Systems Design, Implementation, Maintenance, and Review Chapter 13.
Fit for Purpose Governance in the NHS A National Inquiry “The effective spread of innovation is determined more by inter-personal and inter-organisational.

Fit for Purpose Governance in the NHS A National Inquiry “The effective spread of innovation is determined more by inter-personal and inter-organisational.
Document Number Here © 2006 The MITRE Corporation. All rights reserved. Holds and Diversions June 22, 2004.

Document Number Here © 2006 The MITRE Corporation. All rights reserved. Holds and Diversions June 22, 2004.
© 2007 The MITRE Corporation. All rights reserved Approved for Public Release; Distribution Unlimited 07-1134 Potential New Ideas from Complexity Science.

© 2007 The MITRE Corporation. All rights reserved Approved for Public Release; Distribution Unlimited Potential New Ideas from Complexity Science.
1 SOFTWARE QUALITY ASSURANCE Basic Principles. 2 Requirements System Design Detailed Design Implementation Installation & Testing Maintenance SW Quality:

1 SOFTWARE QUALITY ASSURANCE Basic Principles. 2 Requirements System Design Detailed Design Implementation Installation & Testing Maintenance SW Quality:
ITIL as a Standard for Service Process Management Tavipark Sreesurichan.

ITIL as a Standard for Service Process Management Tavipark Sreesurichan.
© 2014 The MITRE Corporation. All rights reserved. SEDC 2014 April 4, 2014 Nadya Subowo Towards Agile Systems Engineering for the National Airspace System.

© 2014 The MITRE Corporation. All rights reserved. SEDC 2014 April 4, 2014 Nadya Subowo Towards Agile Systems Engineering for the National Airspace System.

Similar presentations

Ads by Google