Protecting the Data: Best Practices in Enterprise Identity Management

Provided by: lizalowe

Transcript and Presenter's Notes



1
Protecting the Data: Best Practices in Enterprise Identity Management
  • Liza Lowery Massey
  • City and County Technology Summit
  • March 13, 2007

2
The Issue
  • More sensitive & confidential data is being stored on-line
  • We are under attack
  • Securing the enterprise is expensive
  • Security procedures can be counter-productive
  • Management understanding & support is lacking

3
The Solution
  • Assess and manage your risks
  • Know your data
  • Implement an IAM Program
      • Processes, technologies & policies
      • Managing digital identities
      • Controlling how identities grant access

4
Assess & Manage Risk
  • What is likely to occur?
  • What is the impact if it occurs?
  • What mandates exist?
  • How secure do we need to be?
  • What should we do first?
  • What resources do we have/need?

5
Know Your Data (classification)
  • Understand applicable state & federal laws
  • Follow best practices
  • Form a cross-organizational team
  • Draft your policy
  • Run it by legal
  • Gain approval
  • Educate the organization

6
IAM Programs
  • Drivers
      • Fear
      • Compliance
      • Improvement
  • Challenges
      • Fragmentation
      • Funding
      • Balance

7
IAM Programs
  • Success Factors
  • Return on Investment
  • Governance
  • Technical
  • Areas to Address
  • Standards
  • Best Practices

8
Areas to Address
  • ID administration & provisioning
  • Host based access control
  • Extranet access control
  • Single sign on
  • Biometric/strong authentication
  • Web services access management
  • Mainframe access control
  • Monitoring and auditing

9
Standards
  • LDAP
      • Lightweight Directory Access Protocol
      • Networking protocol for querying and modifying directory services
      • Running over TCP/IP
  • SAML
      • Security Assertion Markup Language
      • XML for IAM over the Web
      • Critical middleware solution for state and local governments

10
Best Practices
  • Availability
  • Authentication
  • Integrity
  • Confidentiality
  • Non-repudiation
  • Compliance

11
Getting Started
  • Establish governance
  • Allocate resources
  • Designate a responsible party
  • Prioritize needs
  • Draft & distribute policies
  • Review & modify business processes
  • Plan a phased implementation
  • Identify & deploy technology

12
The Next Step
  • Merging physical and logical security
  • Consolidate responsibility
  • Example: smart card
      • Electronically identifies a person
      • Serves as a visual badge
      • Grants access to facilities
      • Part of 2 or 3 tier access to IT applications & data

13
Related Reading
  • I Am Who I Say I AM
  • http://www.centerdigitalgov.com/publications.php

14
Liza Lowery Massey, The CIO Collaborative
  • liza_at_ciocollaborative.com
  • www.ciocollaborative.com
  • 702-743-4634