• Home

  • Documents

  • Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6,...
14
Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007

Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007

Embed Size (px)

Citation preview

Page 1: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007

Best Practices in

Enterprise IAM  

Liza Lowery Massey

Montana Government IT Conference December 6, 2007

Page 2: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007

The Issue

More sensitive & confidential data is being stored on-line

We are under attack Securing the enterprise is expensive Security procedures can be counter-

productive Management understanding & support is

lacking

Page 3: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007

The Solution

Assess and manage your risks Know your data Implement an IAM Program

Processes, technologies & policiesManaging digital identitiesControlling how identities grant access

Page 4: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007

Assess & Manage Risk

What is likely to occur? What is the impact if it occurs? What mandates exist? How secure do we need to be? What should we do first? What resources do we have/need?

Page 5: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007

Know Your Data (classification)

Understand applicable state & federal laws Follow best practices Form a cross-organizational team Draft your policy Run it by legal Gain approval Educate the organization

Page 6: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007

IAM Programs

DriversFearCompliance Improvement

ChallengesFragmentationFundingBalance

Page 7: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007

IAM Programs

Success Factors Return on InvestmentGovernance

TechnicalAreas to AddressStandardsBest Practices

Page 8: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007

Areas to Address

ID administration & provisioning Host based access control Extranet access control Single sign on Biometric/strong authentication Web services access management Mainframe access control Monitoring and auditing

Page 9: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007

Standards

LDAP Lightweight Directory Access Protocol Networking protocol for querying and modifying

directory services Running over TCP/IP

SAML Security assurance markup language XML for IAM over the Web Critical middleware solution for state and local

governments

Page 10: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007

Best Practices

Availability Authentication Integrity Confidentiality Non-repudiation Compliance

Page 11: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007

Getting Started

Establish governance Allocate resources Designate a responsible party Prioritize needs Draft & distribute policies Review & modify business processes Plan a phased implementation Identify & deploy technology

Page 12: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007

The Next Step

Merging physical and logical securityConsolidate responsibilityExample – smart card

Electronically identifies a person Serves as a visual badge Grants access to facilities Part of 2 or 3 tier access to IT applications & data

Page 13: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007

Related Reading

I Am Who I Say I AM http://www.centerdigitalgov.com/publications.php

Page 14: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007

Liza Lowery MasseyThe CIO Collaborative

[email protected]


Liza Kurtz Powerpoint

Liza Kurtz Powerpoint

Business
The ROI of IAM - docs.bankinfosecurity.comdocs.bankinfosecurity.com/files/handbooks/IAM/IAM-eHandbook.pdf · IAM, of course, is a huge issue for financial institutions – not just

The ROI of IAM - docs.bankinfosecurity.comdocs.bankinfosecurity.com/files/handbooks/IAM/IAM-eHandbook.pdf · IAM, of course, is a huge issue for financial institutions – not just

Documents
Brown Lowery Provincial Park - Alberta Parks · Brown Lowery Provincial Park Located approximately 50 km southwest of Calgary, Brown-Lowery is a hidden gem. Access is via Highways

Brown Lowery Provincial Park - Alberta Parks · Brown Lowery Provincial Park Located approximately 50 km southwest of Calgary, Brown-Lowery is a hidden gem. Access is via Highways

Documents
Lowery Training Associates 1 Building a Safe Place - Part 3 Brian Lowery MPA, LSW Lowery Training Associates Cleveland, Ohio E-mail: Brian@LoweryAndAssociates.com

Lowery Training Associates 1 Building a Safe Place - Part 3 Brian Lowery MPA, LSW Lowery Training Associates Cleveland, Ohio E-mail: [email protected]

Documents
Mark Lowery - Introduction to Attacking

Mark Lowery - Introduction to Attacking

Documents
2018 Annual Results - cngascn.comcngascn.com/public/uploads/file/20190326/20190326111323_30310… · P acora D N orth P ayara Liza 2 Liza 1 Liza 4 Liza 3 Pay -1 Pay -2 Liza 5 Pacora

2018 Annual Results - cngascn.comcngascn.com/public/uploads/file/20190326/20190326111323_30310… · P acora D N orth P ayara Liza 2 Liza 1 Liza 4 Liza 3 Pay -1 Pay -2 Liza 5 Pacora

Documents
TA Lowery-20190529113643

TA Lowery-20190529113643

Documents
J lowery enterprise resource planning

J lowery enterprise resource planning

Technology
IAM Full Control Document v01 - IAM RoadSmart

IAM Full Control Document v01 - IAM RoadSmart

Documents
Lowery picture edit

Lowery picture edit

Entertainment & Humor
Liza Makowski, Ph.D., M.M. PERSONAL · 08/06/2015  · Curriculum Vitae Last Modified on 7/1/2015 CV Liza Makowski 1 Liza Makowski, Ph.D., M.M. PERSONAL Publication Name: Liza Makowski

Liza Makowski, Ph.D., M.M. PERSONAL · 08/06/2015  · Curriculum Vitae Last Modified on 7/1/2015 CV Liza Makowski 1 Liza Makowski, Ph.D., M.M. PERSONAL Publication Name: Liza Makowski

Documents
Spotify vs Lowery

Spotify vs Lowery

Documents
Accomplishments liza delgado

Accomplishments liza delgado

Business
Lowery v. Spotify complaint.pdf

Lowery v. Spotify complaint.pdf

Documents
Spotify vs. Lowery (Motion to Strike)

Spotify vs. Lowery (Motion to Strike)

Documents
Liza Kleinman SUFFIXES, & ROOTS PREFIXES, SUFFIXES, & ROOTS · PREFIXES, SUFFIXES, & ROOTS Liza Kleinman PREFIXES, SUFFIXES, & ROOTS Liza Kleinman

Liza Kleinman SUFFIXES, & ROOTS PREFIXES, SUFFIXES, & ROOTS · PREFIXES, SUFFIXES, & ROOTS Liza Kleinman PREFIXES, SUFFIXES, & ROOTS Liza Kleinman

Documents
Lowery Training Associates 1 Introduction to Childhood Trauma – Part 2 Brian Lowery MPA, LSW Lowery Training Associates Cleveland, Ohio E-mail: Brian@LoweryAndAssociates.com

Lowery Training Associates 1 Introduction to Childhood Trauma – Part 2 Brian Lowery MPA, LSW Lowery Training Associates Cleveland, Ohio E-mail: [email protected]

Documents
Liza Report

Liza Report

Documents
Pneumonia Liza

Pneumonia Liza

Health & Medicine
David Lowery Lawsuit vs. Spotify

David Lowery Lawsuit vs. Spotify

Documents
The Value of IT Governance Liza Lowery Massey Montana Government IT Conference December 6, 2007

The Value of IT Governance Liza Lowery Massey Montana Government IT Conference December 6, 2007

Documents
Lowery contact sheet l

Lowery contact sheet l

Documents
Crim Pro PreTrial Spring 2010 Lowery

Crim Pro PreTrial Spring 2010 Lowery

Documents
Lowery denise4.4

Lowery denise4.4

Career
INTERMOT - aADVANCED - MOTORS IAM SERIES H6 MODEL · pag. 88 IAM rev. 00 TECHNICAL DATA H6 MODEL IAM 2200 H6 IAM 2500 H6 IAM 2800 H6 IAM 3000 H6 IAM 3200 H6 IAM 3500 H6 Displacement

INTERMOT - aADVANCED - MOTORS IAM SERIES H6 MODEL · pag. 88 IAM rev. 00 TECHNICAL DATA H6 MODEL IAM 2200 H6 IAM 2500 H6 IAM 2800 H6 IAM 3000 H6 IAM 3200 H6 IAM 3500 H6 Displacement

Documents
Samsung SDS IAM & EMM SDS IAM & EM… · IAM & EMM application to authenticate with Samsung SDS IAM & EMM Mobile Authenticator—see “Using the Samsung SDS IAM & EMM application

Samsung SDS IAM & EMM SDS IAM & EM… · IAM & EMM application to authenticate with Samsung SDS IAM & EMM Mobile Authenticator—see “Using the Samsung SDS IAM & EMM application

Documents
Karen Diane Loweryassets.luginbuel.com/persons/L/Lowery/karen-diane-lowery... · 2010. 2. 28. · Karen Diane Lowery 51 a resident of Prairie Grove, Arkansas, passed away February

Karen Diane Loweryassets.luginbuel.com/persons/L/Lowery/karen-diane-lowery... · 2010. 2. 28. · Karen Diane Lowery 51 a resident of Prairie Grove, Arkansas, passed away February

Documents
Liza Fireman Tutorial #3 Summer 2005. Liza Fireman Keywords whilevolatilevoidunsigned uniontypedefswitchstruct staticsizeofsignedshort returnregisterLongint

Liza Fireman Tutorial #3 Summer 2005. Liza Fireman Keywords whilevolatilevoidunsigned uniontypedefswitchstruct staticsizeofsignedshort returnregisterLongint

Documents
Lowery v. Spotify - notice of motion.pdf

Lowery v. Spotify - notice of motion.pdf

Documents
Liza ILLÉS

Liza ILLÉS

Documents