CIS13: How to Build a Federated Identity Service on Identity and Context Virtualization
Build an identity security services plan
1
The IT Challenge Step 1 IDENTIFY USERS AND WHAT THEY CAN ACCESS Optimize identity security through understanding the who, what, and how of identity management. Key Outcomes of Completing this Project Ideal Users of this Research KNOW YOUR USERS KNOW THEIR ACCESS OPTIMIZE AND IMPROVE YOUR IDENTITY MANAGEMENT PROCESSES TO CUT COSTS Increased visibility through data collection will help the organization notice potential problems, such as redundancies, user groups that are now defunct, and other areas where clean-up needs to be made and risks addressed. SECURE YOUR WEAKEST LINKS: YOUR USERS Build an Identity Security Services Plan YOU SHOULD CARE ABOUT YOUR USERS — IT WILL COST YOU IF YOU DON’T. Organizations with an upcoming audit that have not reviewed their user groups in over a year. Organizations that have experienced data theft due to a disgruntled former employee. IT departments faced with a high volume of help desk tickets due to provisioning/deprovisioning, password administration, etc. Applications or infrastructure managers dealing with manual provisioning/deprovisioning processes that take too long and disrupt employee productivity. Identify your users and what they can access. Identify ways to optimize your current identity management processes. Identify gaps in your identity management strategy. Create a roadmap of the priority controls you can implement to address those gaps. Determine whether their levels of access are appropriate. You cannot begin to manage in an information vacuum; make the process manageable by working in chunks. Choose your top five applications/systems and work through those first so you are addressing the most critical areas. Establishing a process you can re-execute and allows you to understand who your users are will make this time-consuming process easier to pursue each year. Decrease your overall help desk ticket volume and spending. URGENT It’s more than likely you are not fully aware of whether all your users have the appropriate levels of access for their particular roles – this creates serious risk. Now-defunct accounts, users with too much access, and other access-related issues can create increased help desk costs and headaches down the line. Automating the provisioning/deprovisioning process, and looking into self-service for password changes will dramatically cut down on help desk ticket costs and time spent on fighting these fires. 1 ? ? ? Your organization will have some identity management processes in place – the key is to optimize those processes before looking at new spending. Step 2 PREPARE TO AUDIT USER ACCESS APPROPRIATENESS Conducting a full-blown audit saves you headaches later. Put in the effort and reap the long-term rewards. Identifying incorrect access first in your high priority levels paves the way to tackle the other areas. It further reinforces the insight of this entire project by demonstrating there are key problems organizations are missing by not pursuing identity management. Step 3 IDENTIFY CURRENT IDENTITY MANAGEMENT PRACTICES Current process assessment and optimization is a valuable step and a cheaper one relative to overhauling your infrastructure or buying a new piece of software. Step 4 CREATE YOUR IMPLEMENTATION ROADMAP Organizations may have a preconceived notion of what they need to undertake to properly manage their identities. After reviewing what your organization currently does, and finding successful tactics within that, you can now focus on additional layers. Organizations are too busy looking outwards for threats, neglecting to address the key internal threats that their users’ identities can pose. Identity management is not just a backburner project to dig up whenever an audit is looming. It’s critical to your overall security plan. Start this project today by calling 1-877-876-3322 Use our Build an Identity Security Services Plan Best Practice Toolkit Includes: 116 Do-It-Yourself Project Slides IAM Controls Analysis Tool IAM Policy Source: http://www.infotech.com/research/ss/build-an-identity-security-services-plan Guided Implementations: User Access Appropriateness Assessment Checklist Determine application sensitivity, and key user and data groups Prepare for user access appropriateness assessment www.infotech.com 1-877-876-3322 Plus: Onsite workshops available Assess current process and identify gaps Create identity management implementation roadmap www.infotech.com 1-877-876-3322
-
Upload
jason-goncalves -
Category
Technology
-
view
116 -
download
0
description
Secure your weakest links: your users. Learn more at http://bit.ly/IdentitySSP.
Transcript of Build an identity security services plan
The IT Challenge
Step 1IDENTIFY USERSAND WHAT THEY
CAN ACCESS
Optimize identity security through understanding the who, what,
and how of identity management.
Key Outcomes of Completing this Project
Ideal Users of this Research
KNOW YOUR USERS
KNOW THEIR ACCESS
OPTIMIZE AND IMPROVE YOUR IDENTITY MANAGEMENT PROCESSES TO CUT COSTS
Increased visibility through data collection will help the organization notice potential problems, such as redundancies, user groups that are now defunct, and other areas where clean-up needs
to be made and risks addressed.
SECURE YOUR WEAKEST LINKS: YOUR USERS
Build an IdentitySecurity Services Plan
YOU SHOULD CARE ABOUT YOUR USERS — IT WILL COST YOU IF YOU DON’T.
Organizations with an upcoming audit that have not reviewed their user groups in over a year.
Organizations that have experienced data theft due to a disgruntled former employee.
IT departments faced with a high volume of help desk tickets due to provisioning/deprovisioning,
password administration, etc.
Applications or infrastructure managers dealing with manual provisioning/deprovisioning processes that
take too long and disrupt employee productivity.
Identify your users and what they can access.
Identify ways to optimize your current identity
management processes.
Identify gaps in your identity management strategy.
Create a roadmap of the priority controls you can implement to
address those gaps.
Determine whether their levels of access are appropriate.
You cannot begin to manage in an information vacuum;
make the process manageable by working in chunks.
Choose your top five applications/systems and work through those first so you are
addressing the most critical areas.
Establishing a process you can re-execute and allows
you to understand who your users are will make this
time-consuming process easier to pursue each year.
Decrease your overall help desk ticket volume and spending.
URGENT
It’s more than likely you are not fully aware of whether all your users have the appropriate levels of access for their particular roles –
this creates serious risk.
Now-defunct accounts, users with too much access, and other access-related issues can
create increased help desk costs andheadaches down the line.
Automating the provisioning/deprovisioning process, and looking into self-service for password changes will dramatically cut down on help desk ticket costs and time
spent on fighting these fires.
1
? ? ?
Your organization will have some identity management processes in place – the key
is to optimize those processes before looking at new spending.
Step 2PREPARE TO AUDIT
USER ACCESSAPPROPRIATENESS
Conducting a full-blown audit saves you headaches later. Put in the effort and reap the
long-term rewards. Identifying incorrect access first in your high priority levels paves the way to tackle the other areas. It further reinforces the insight of this entire project by demonstrating
there are key problems organizations are missing by not pursuing identity management.
Step 3IDENTIFY CURRENT
IDENTITY MANAGEMENT PRACTICES
Current process assessment and optimization is a valuable step and a cheaper one relative to overhauling your infrastructure or buying a new
piece of software.
Step 4CREATE YOUR
IMPLEMENTATION ROADMAP
Organizations may have a preconceived notion of what they need to undertake to properly
manage their identities. After reviewing what your organization currently does, and finding successful tactics within that, you can now
focus on additional layers.
Organizations are too busy looking outwards for threats, neglecting to address the key internal
threats that their users’ identities can pose.
Identity management is not just a backburner project to dig up whenever an audit is looming.
It’s critical to your overall security plan.
Start this project today by calling 1-877-876-3322Use our Build an Identity Security Services Plan
Best Practice Toolkit Includes:
116 Do-It-Yourself Project Slides
IAM Controls Analysis Tool
IAM Policy
Source: http://www.infotech.com/research/ss/build-an-identity-security-services-plan
Guided Implementations:
User Access Appropriateness Assessment Checklist
Determine application sensitivity, and key user and data groups
Prepare for user access appropriateness assessment
www.infotech.com1-877-876-3322
Plus: Onsite workshops available
Assess current process and identify gaps
Create identity management implementation roadmap
www.infotech.com1-877-876-3322
