November 14, 2018 © 2018 DXC Technology Company The underlying methodologies and information are confidential and proprietary information of DXC Technology Company Identity and Access Management Blueprint Cyber Reference Architecture (CRA) Version 2.1 DXC Security For further information, please contact [email protected]

Identity and Access Management Blueprint · 2018-11-20 · 1. Identity and Access Management (IAM) blueprint 2. Work packages summary 3. Identity life-cycle layer work packages (extract)


Table of contents

1. Identity and Access Management (IAM) blueprint
2. Work packages summary
3. Identity life-cycle layer work packages (extract)
4. Authentication layer work packages (extract)
5. Authorization layer work packages (extract)
6. Appendix

1. Identity and Access Management (IAM) blueprint

Layers

[Figure: Identity & Access Management (IAM) layers and related Cyber Reference Architecture (CRA) layers. CRA domains shown: Strategy, Leadership & Governance (SLG); Risk & Compliance Management (RCM); Security Resilient Architecture (SRA); Resilient Workforce (RW); Security Orchestration (SO); Cyber Defense (CD); Physical Security (PS); Infrastructure & Endpoint Security (IES); Applications Security (AS); Data Protection & Privacy (DPP); Converged Security (CS); Identity & Access Management (IAM). IAM layers shown: Strategic Layer; Cyber Defense & Orchestration Layer; Identity Lifecycle Layer; Authentication Layer; Authorization Layer. Other labels: Provisioning; De-Provisioning; Business drivers, Policy & Directions; HR Identity Records & Job Role Definition; Policy; Policy Enforcement; Actionable Sec & Threat Intelligence; Report & Evidence collection; Metrics & Events; Real Time Monitoring & Remediation.]

Layers

[Figure: IAM layers and related CRA layers, with CRA subdomains. IAM layers shown: Strategic Layer; Cyber Defense & Orchestration Layer; Identity Lifecycle Layer; Authentication Layer; Authorization Layer. Subdomains shown: Audit Management & Certification; Empowered Workforce; Legal, Regulatory & Privacy Compliance; Identity & Account Management; Security Monitoring; Security Analytics; Security Operations Management; Authentication Management; Access Management; Privileged Account Management. Other labels: Provisioning; De-Provisioning; Business drivers, Policy & Directions; HR Identity Records & Job Role Definition; Policy; Policy Enforcement; Actionable Sec & Threat Intelligence; Report & Evidence collection; Metrics & Events; Real Time Monitoring & Remediation.]

Subdomains and capabilities

IAM.1 Identity & Account Management
• Identity Feed
• Identity Directories
• Account Removal
• Account Provisioning & De-provisioning
• Federated Identity Management
• Account Reconciliation & Consolidation
• Account Revalidation
• Account Monitoring & Auditing
• Account Reporting

IAM.2 Authentication Management
• Claims-based Authentication
• Credential-based Authentication
• Multi-Factor Authentication
• Credential Provisioning
• Single Sign-On
• Credential Reset & Renewal
• Strong Authentication
• Authentication Policy Enforcement

IAM.3 Access Management
• Object Access Control List
• Group-based Access Control
• Access Approval
• Role-based Access Control
• Access Provisioning & De-provisioning
• Attribute-based Access Control
• Adaptive Access Control
• Access Reconciliation
• Access Certification
• Access Policy Enforcement
• Access Removal
• Access Monitoring & Auditing
• Web and API Access Management
• Delegation
• Access Reporting

IAM.4 Privileged Account Management
• Non-Personal Account Lifecycle Management
• Privileged Session Management
• Password Vaulting
• Traceability & Accountability
• Privileged Account Reporting
• Privileged Account Reconciliation
• Privileged Account Revalidation

Layers: Summary

Strategic Layer
Description: Establishes the requisite security policy to manage and govern identity and access-based risk and compliance within the enterprise
Examples of typical issues: Inability to view the “big picture” without assembling manual reports. No understanding of who has access to what or ability to prove access is controlled. Access requests are not immediately checked against security policies before they are approved.

Cyber Defense & Orchestration Layer
Description: Delivers an integrated Security Operations Center (SOC) environment that incorporates data feeds and operational controls from IAM solutions
Examples of typical issues: Lack of monitoring and traceability of privileged accounts that directly affects the enterprise's ability to take action in the event of a security incident. No user behavior analysis.

Identity Life-Cycle Layer
Description: Provides the ability to centrally manage, report and govern identities and provision their access into the environment
Examples of typical issues: Manual IAM workflows and processes, such as access requests and provisioning. Lack of visibility and governance of identities and access, which results in risk.

Authentication Layer
Description: Provides the ability for resources to utilize the appropriate mechanisms to prove identity prior to accessing systems
Examples of typical issues: User or customer experience while authenticating to systems. Inadequate level of authentication for privileged identities or accounts.

Authorization Layer
Description: Provides the ability for resources to access systems based on role and entitlements as well as generate security event data used to identify threats
Examples of typical issues: Inconsistent access control and segregation of duties. Control of privileged access to systems.

Strategic layer

Map security objectives with risk profile of business to help direct and inform security investment and decision making

Supporting background information
The purpose of the strategic layer is to provide alignment of the IAM domain to organizational goals to support business enablement. It should also define roles and responsibilities of the key stakeholders. To achieve this you should:
• Ensure that objectives are achieved by:
  – assessing the current policies, standards and procedures
  – providing a strategy and roadmap to meet compliance requirements
  – ensuring proper metrics, KPIs and reporting are developed and implemented
• Ensure proper leadership and alignment is in place to provide direction to and ownership of the IAM program and/or solution
• Ensure standards and policies used to create, validate, update and communicate policies are used to implement an IAM program and/or solution
• Ensure processes and procedures align with rules governing various aspects of the IAM program and/or solution during development and operation
• Ensure that compliance with policy is assessed, gaps are identified and remediation efforts are detailed in order to comply with legal, regulatory, privacy and industry requirements
• Ensure employees get regular awareness training around identity and access best practices

Benefits of investing
• Proper deployment of an IAM solution including the strategy and governance layer will be in line with corporate security strategy
• Control of who, when, why and what someone has access to within the enterprise, so that users only have access to what is needed
• Proper reporting, control and auditability throughout the enterprise as it pertains to access and who can access what

Risks of NOT investing
• Lack of clear reporting and understanding at the enterprise of the current access and who has the ability to access restricted applications/systems/databases
• Without proper leadership and alignment there will be no control around who gets access to what, causing a “Material Weakness” during any auditing and compliance reviews
• Improper processes and procedures along with improper implementation of an IAM program and/or solution will cause unrestricted access to the enterprise
• Lack of unified metrics, KPIs and reporting can be seen as a negative influence on key business objectives, key measures (revenue, profit, etc.) as well as brand reputation

Cyber defense and orchestration layer

Detect and respond to security incidents, operate security capabilities and manage vulnerabilities

Supporting background information

Integrate operational security management processes with service management processes and business processes for effective attack response
Definition, ownership, deployment and execution of security delivery processes and consolidated and architecturally well-designed SOC processes and procedures. Collection, reporting and review of security key performance indicators to support compliance and audit programs as well as to measure, communicate and improve security performance, maturity and efficiency of security processes. Assignment of properly skilled resources to support operational security processes. Integration between security processes and Incident & Change Management processes and ticketing system to support requests for change and investigative or remediation activities.

Establish a baseline of normal behavior, identify which CMDB information can be integrated, and align with critical assets definition
Integrated asset management and analytics for behavior analysis for prioritization of response to threats and incidents.

Identify, source and integrate internal and external threat intelligence
Threat sources vary greatly and the advanced nature of attacks increases the likelihood of exploitation. Threat intelligence helps prioritize resources to address the most significant threats.

Provide a digital investigation & forensics service, active hunting and threat actor profiling capabilities
The aim is to pull together the available data and translate it into actionable security intelligence, to provide an active hunting capability to proactively identify advanced threat actors already in place, and finally to allow accurate threat actor profiling to prioritize activities to efficiently respond to the incident and conduct the remediation exercise.

Benefits of investing
• Integrated SOC function across all localizations providing the most efficient functional and cost model
• Awareness of all assets on the network, allowing for risk assessment and application of appropriate controls and monitoring, as well as better business continuity management
• Identification and understanding of threats and risks relevant to the enterprise
• Prioritization and proportional response to threats, vulnerabilities and incidents
• Threat intelligence driven pre-emptive actions and service support reducing the impact of emerging threats
• Security data turning into actionable security intelligence that can be utilized to protect the business

Risks of NOT investing
• Security working in silos with increased risk of inappropriate and/or incomplete security response to threats, vulnerabilities and incidents
• Inability to understand and respond to current and emerging threats, advanced threats and risks
• Unknown assets not being monitored or protected, thus providing weak points of entry into the network
• Lack of investment in intelligence-driven threat assessments and inability to closely observe the emerging threats, reducing the ability to conduct business in new markets

Identity life-cycle layer

Establish a centralized system to manage and control identities and associated accounts

Supporting background information
The purpose of the identity life-cycle layer is to provide and manage a corporate identity store for storing, structuring, organizing and managing identity information that is used to manage accounts and authorizations. Common identity management issues include:
• Practice of nonstandard identity life-cycle workflows across localizations, resulting in the creation of unauthorized accounts and uncorrelated and orphaned user accounts provisioned on disparate end point systems throughout the enterprise. This practice impedes life-cycle management of user accounts in an efficient, consistent manner
• De-centralized, ad hoc, manual identity creation processes decrease accountability, auditability and compliance, and increase fulfillment time and human error, leading to a loss of confidence. In the worst case this can manifest itself in the creation/development of noncompliant accounts that could be used by malicious attackers
• Lack of centralized and controlled identity life-cycle management results in complex and expensive integration with third parties such as cloud providers
• Inability to view the “big picture” without assembling manual reports. No understanding of who has access to what or ability to prove access is controlled. Manual audit reporting processes require a significant number of resources and time to prepare, are fraught with errors and are highly scrutinized by auditors
• No consistent policy enforcement or business rules applied to users and access privileges. Manual processes are both time consuming and costly

Benefits of investing
Improved risk posture and user satisfaction by:
• Standardization of user account creation and the approval process for employees, vendors, contractors (subcontractors) and service accounts, enabling user account correlation and end-to-end life-cycle management
• Automated enforcement of password policies across localizations, ensuring all accounts conform to policies
• Automating onboarding/offboarding requests — completed in a timely manner inclusive of set workflows and approval requirements
• Audit and reporting on the state of inactive/dormant accounts, frequently locked accounts and disabled accounts, demonstrating audit compliance
• Consistent policy enforcement and the ability to view the “big picture” without assembling manual reports

Risks of NOT investing
• Ad hoc and nonstandard identity creation processes simplify the task and decrease the time a hacker needs to breach a single identity to gain undetected access to sensitive assets
• New hacking tools are developed and sold on the internet daily, enabling low-skilled hackers to infiltrate and steal sensitive information; each day the risk level slowly climbs as exploitation methods/tools become inexpensive and more available
• Multiple orphaned accounts (particularly service accounts) that may be active, resulting in fraudulent access

Authentication layer

Implement appropriate mechanisms to prove identity prior to accessing corporate information assets

Supporting background information
Key issues driving the need for a strong authentication service:
• Inconsistent implementation and enforcement of password policy controls results in accounts that have weak passwords, allow password reuse, have nonexpiring passwords, have no automated account expiration for inactive accounts, and do not lock or disable accounts after too many authentication attempts. Account passwords are targeted daily by hackers; breaching one account can lead to unlimited rewards for the hacker
• Rapid growth of the mobile workforce and cloud-based applications offers greater flexibility, but also creates new challenges for organizations
• Traditional challenges like enterprise integration, protecting against data breaches and complying with regulations are now combined with new challenges such as providing users with simple, yet secure access from anywhere to applications that could reside anywhere
• A changing working environment demands remote access to data and applications, which poses huge security risks to organizations
• Organizations need managed services that combine strong multifactor authentication (MFA), industry-leading integration, and authentication options to meet varied customer needs
• Authentication options, whether they conform to the traditional MFA model of dynamic security codes or new models such as biometrics, must enable enterprises to select what is right for their users, devices, and applications

Benefits of investing
• Robust authentication helps organizations comply with regulations mandating data privacy and protection, which effectively saves costs
• Authentication layer reduces security vulnerabilities to gain a widespread digital presence, reputation and positive brand image
• Users can easily adopt strong and multi-factor authentication solutions. This helps organizations attract security-conscious customers and increase sales
• Strong authentication and MFA provide users with needed access to necessary business data and applications from anywhere, and increase productivity by significantly reducing the time spent on password administration and maintenance
• Provide a single consistent method of signing into corporate applications and simplify access to cloud-based applications

Risks of NOT investing
• Ad hoc and nonstandard password controls simplify the task and decrease the time a hacker needs to breach a single identity to gain undetected access to sensitive assets
• Lack of investment in strong authentication will cause brand value damage, dissatisfied customers and loss of market share
• Without robust authentication organizations may not be able to comply with regulations mandating data privacy and user protection, which will significantly increase operating cost
• Increased number of Help Desk Calls — Password Management
• Policy violations, i.e., shared passwords

Authorization layer

Access management strategies resulting in meeting enterprise security challenges and appropriate levels of access

Supporting background information
Access management is a control that can improve security by centralizing access decisions: subscribing to a common set of policies, and creating and enforcing standards and procedures for provisioning and managing users. Secondly, identifying the most critical applications and systems and deploying the tools to discover what permissions exist for current and previous employees will enable most enterprises to utilize a risk-based approach to access management. Most government and industry-specific standards (e.g. SOX, HIPAA, GLBA, NIST, PCI, etc.) can be used to map processes and establish appropriate policy. Some organizations struggle in areas such as:
• Lack of documentation
• Visibility into orphaned accounts or unused accounts
• Audit and compliance issues — no reporting or ad hoc reporting is used
• No scheduled attestation or periodic access reviews
• Third party access policy not documented or enforced if existing
• Privileged Access Management controls not in place or enforced if existing
• Manual and legacy processes for granting access; lack of automation
• Workflow and approval processes are inefficient
• Onboarding — waiting for excessive periods to obtain baseline or “birthright” access

Benefits of investing
Improved risk posture and user satisfaction by:
• Automating onboarding/offboarding access requests — completed in a timely manner inclusive of set workflows, role access and approval requirements
• Scheduling and performing access certifications, including ongoing periodic access reviews and account/asset clean-up, improving compliance requirements
• Streamlining and documenting processes to demonstrate adherence with regulations and standards
• Improving maintenance and monitoring of privileged access, performing reviews to remediate issues
• Eliminating segregation of duties and “cloning” issues by implementing the RBAC life cycle of building, reviewing, correlating and maintaining access rights and entitlements

Risks of NOT investing
Lack of enforcement or weakly defined controls resulting in overall security risks both internal and external:
• Noncompliance; limited auditing; limited accountability; too many privileged users
• Over-privileged accounts not tracked properly, resulting in data loss or theft; account access “creep”
• Access requests not immediately checked against security policies before they are approved


2. Work packages summary and capabilities mapping

Work packages per subdomain

Identity & Account Management
• IAM.1.a – Establish Corporate Identity Store
• IAM.1.b – Automated Identity Management
• IAM.1.c – Account Provisioning / De-provisioning
• IAM.1.d – Discovery of Accounts and Privileges
• IAM.1.e – Federated Identity Management
• IAM.1.f – Role model

Authentication Management
• IAM.2.a – Password Self Service
• IAM.2.b – Multi-Factor Authentication
• IAM.2.c – Single Sign-On
• IAM.2.d – Adaptive Authentication

Access Management
• IAM.3.a – Approval of Access
• IAM.3.b – Certification of Access
• IAM.3.c – Role Based Access
• IAM.3.d – Auditing and Reporting of Access
• IAM.3.e – Web Access Management
• IAM.3.f – API Access Management

Privileged Account Management
• IAM.4.a – Privileged Account Discovery & Assessment
• IAM.4.b – Privileged Account and Password Control
• IAM.4.c – Privileged Account Monitoring & Session Management

Security Analytics
• CD 6.c – User Behavior Analytics
• CD 6.e – Privileged Threat Analytics

Legend: Work Package available; Work Package in next release

Work packages (WP) summary (1/3)

IAM.1.a – Establish Corporate Identity Store
Subdomain: Identity & Account Management
WP description:
• Corporate repository for storing, structuring, organizing, and managing data within an LDAP structure or other proprietary directory structure
• Requirements, design, use case, implementation and operational documentation
WP outcomes:
• Centralized corporate directory to satisfy the secure storage of UIDs, credentials, and attributes
• Facilitate administration, and support synchronization of data across domains
Objective: PRODUCTIVITY, INTEGRATION
Timescale: 2+ months

IAM.1.b – Automated Identity Management
Subdomain: Identity & Account Management
WP description:
• Configure a feed of user data into an identity management system
• Define appropriate policies and processes (joiners, movers and leavers process)
• Configuration of policies based on data feed
WP outcomes:
• User access configured without administrator interaction
• Decreased administrator overhead
Objective: PRODUCTIVITY
Timescale: 2+ months

IAM.1.c – Account Provisioning/De-provisioning
Subdomain: Identity & Account Management
WP description:
• Connect to directories, systems or applications
• Develop automated process for creating, modifying and removing accounts
WP outcomes:
• Decreased time for account changes
• Increased user productivity
• Accounts configured accurately
Objective: PRODUCTIVITY
Timescale: 6 months

IAM.1.d – Discovery of Accounts and Privileges
Subdomain: Identity & Account Management
WP description:
• Match users to current accounts to gather an accurate record of the access a user has
• Identify users with multiple accounts
• Identify users with privileged access
• Identify users with access from prior roles
• Identify accounts belonging to users no longer with the company
WP outcomes:
• Identify owners of accounts
• Complete visibility of a user's access
• Ability to mine applications to develop roles
• Reduced administrative overhead
Objective: ACCOUNTABILITY
Timescale: 1+ month

IAM.1.e – Federated Identity Management
Subdomain: Identity & Account Management
WP description:
• Establish authentication relationships with external partners
• Configure authorization controls to internal resources allowing external users access
WP outcomes:
• Partners are able to manage their users internally while accessing shared resources
• Ability to grant access to internal resources to an external user
• Third parties are able to independently verify identities of users
Objective: SIMPLIFICATION, INTEGRATION
Timescale: 3+ months

Work packages summary (2/3)

IAM.2.a – Password Self-Service
Subdomain: Authentication Management
WP description:
• Configure password self-service
• Configure password self-service registration
WP outcomes:
• Decreased help desk calls
• Increased user productivity
• Increased security
Objective: PRODUCTIVITY
Timescale: 3 months

IAM.2.b – Multi-Factor Authentication
Subdomain: Authentication Management
WP description:
• Setup of two or more distinct systems of authentication used together to grant access to systems
• Development of policies and procedures for controls
WP outcomes:
• Increased security
• Increased accountability
• Meeting compliance requirements
Objective: SECURITY, COMPLIANCE
Timescale: 1+ months

IAM.2.c – Single Sign-On
Subdomain: Authentication Management
WP description:
• Using a single authentication source to authorize access to multiple systems
WP outcomes:
• Reduced administrative overhead
• Centralization of user management
• Decreased effort to roll out new systems
Objective: SECURITY, SIMPLIFICATION
Timescale: 3+ months

IAM.3.a – Approval of Access
Subdomain: Access Management
WP description:
• Identify responsible parties for any creations, modifications or removal of access
• Configure or integrate with a request system
• Configuration of approval workflow
WP outcomes:
• Streamlined process for administrators
• Simplified fulfillment process
• Reduced administrative overhead
• Accountability for users and access
Objective: ACCOUNTABILITY
Timescale: 1+ months

IAM.3.b – Certification of Access
Subdomain: Access Management
WP description:
• Establish owners of users and applications
• Identify users' management hierarchy
• Development of automated and/or manual processes to review access
WP outcomes:
• Accountability of users and applications
• Ability to respond to internal and external auditors
Objective: ACCOUNTABILITY
Timescale: 1+ months

IAM.3.c – Role Based Access
Subdomain: Access Management
WP description:
• Data mine existing access to develop possible roles
• Work with user managers to manually develop roles
• Work with application owners to manually develop roles
• Configure Identity Manager System to assign roles based on available user data
WP outcomes:
• Decreased administrative overhead
• Increased user productivity
• Increased compliance
• Increased account access accuracy
Objective: PRODUCTIVITY
Timescale: 5+ months

Work packages summary (3/3)

IAM.3.d – Auditing and Reporting of Access
Subdomain: Access Management
WP description:
• Generation of reports
• Review of access versus established policy or controls
• Review of account usage versus established policy or controls
WP outcomes:
• Data is available for compliance review
• Internal controls are evaluated for effectiveness
• Additional controls, policies, and/or procedures are developed
Objective: COMPLIANCE
Timescale: 1+ months

IAM.4.a – Privileged Account Discovery & Assessment
Subdomain: Privileged Account Management
WP description:
• Gain complete visibility of privileged user accounts; answers the question “who has privileged access to what?”
• Perform discovery on UNIX, Linux, and Windows Endpoints to discover where privileged accounts exist, discover SSH Key Pairs and geography
• Assess privileged account security risks, identify machines vulnerable to Pass-the-Hash attacks
WP outcomes:
• Better understanding of the Privileged Accounts
• Enforce granular privileged access controls with complete understanding of policies
Objective: ACCOUNTABILITY
Timescale: 1 month

IAM.4.b – Privileged Account and Password Control
Subdomain: Privileged Account Management
WP description:
• Gathering of existing privileged account passwords
• Creation of password vault including OTP and check in/out
• Setup of approval workflows for password release
• Setup of password rotation
WP outcomes:
• Increased security
• Increased accountability
• Increased availability to passwords
• Increased compliance
Objective: ACCOUNTABILITY
Timescale: 7 months

IAM.4.c – Privileged Account Monitoring & Session Management
Subdomain: Privileged Account Management
WP description:
• Configure session monitoring and recording (flight recorder)
• Configure auditing and reporting
• Configure session proxying
WP outcomes:
• Increased accountability
• Ability to monitor sessions live and terminate if needed
Objective: ACCOUNTABILITY
Timescale: 5 months


3. Identity life-cycle layer work packages (extract)

Work package mapping: IAM.1.a

[Figure: IAM blueprint diagram showing the Strategic, Cyber Defense & Orchestration, Identity Lifecycle, Authentication and Authorization layers with their related CRA subdomains.]

Identity Lifecycle Layer Work Packages

Establish Corporate Identity Store (IAM.1.a): Corporate repository for storing, structuring, organizing, and managing data within an LDAP structure or other proprietary directory structure


Work package mapping: IAM.1.b


Automated Identity Management (IAM.1.b)

Configure a user data feed into the Identity Management System and define appropriate policies and processes (joiners, movers and leavers)


Work package mapping: IAM.1.c


Account Provisioning / De-provisioning (IAM.1.c)

Connect to directories, systems or applications and develop an automated process for creating, modifying, and removing accounts


Work package mapping: IAM.1.d


Discovery of Account and Privileges (IAM.1.d)

Gather accurate records of the access each user has. Identify users with multiple accounts, privileged access or access from prior roles, and accounts of users who left the company


Work package mapping: IAM.1.e


Federated Identity Management (IAM.1.e)

Establish authentication relationships with external partners and configure appropriate authorization controls to internal resources for external users


Work package: IAM.1.b Automated identity management

Name: Automated Identity Management
Work Package ID: IAM.1.b

Purpose and High Level Description:
• Define Authoritative source(s) (e.g. HR Database/System) towards providing a consolidated identity management system
• Extract and analyze business and technical requirements of Identity Management
• Support identity requirements defined by the Business by providing processes, procedures and technologies
• Examine and update infrastructure topology to adapt to the requirements of the technical implementation
• Examine and update business policies and procedures to meet the requirements of the automated Identity Management joiners, movers and leavers (JML) process
• Implement and configure an automatic or (partly) manual feed from the Authoritative source to the Identity Management System
• Define the attribute mapping of information from the data feed to the fields in the Identity Management System
• Define rules and policies for processing the information from the feed
• Define account correlation rules for reconciling and validating the ownership of accounts

Staffing Requirements:
• DXC Roles:
  • 1 x Security Principal (5 days)
  • 1 x Security Consultant and IAM SME (50 days)
  • 1 x Project Manager (15 days)
  • 1 x IDM System Engineer (10 days)
  • 1 x Networking Engineer (5 days)
• Customer Roles:
  • 1 x Head of Security (2 days)
  • 1 x HR Application SME (10 days)
  • 1 x IAM SME (15 days)
  • 1 x Privacy officer (3 days)

Key Activities:
• Analyze existing identity Life-Cycle and optimize feed of identities into the Identity Management System
• Define and optimize processing policies based on the feed data
• Risk analysis on feed attribute updates
• Implement designed solution

Deliverables:
• Authoritative System Interface specification
• Report of the feed update status
• Identity Attributes mapping table
• Automated User Management, Use Cases for Joiner, Mover, Leaver

Workload estimation:
• Estimated project duration = 2-3 months (depending on the current maturity)
• Estimated number of man days effort for DXC = 80 man days
• Estimated number of man days effort for Customer = 30 man days
• Hardware and Software costs not included

Business Benefits and Outcomes:
• Improve efficiency and lower operating costs by limiting the (manual) interactions of internal/3rd party administrators
• 1 Source of truth by having a single Authoritative System
• Authoritative source drives the lifecycle events: e.g. Leaver in HR system results in automatic de-provisioning of Identity and accounts
• Specific attributes from Authoritative source(s) can facilitate Role Based Access Control (e.g. department and function roles)

Business Challenges and Problems Foregoing Commitment:
• External personnel are not usually included in the HR database
• Automation of authoritative source might not be directly linked to Identity Management System
• People with multiple roles or responsibilities
• Alignment of multiple data, process and system owners
• Privacy conflicts using HR data as authoritative source
• Conversion of HR data format sometimes requires additional manual effort
• Lack of processes and procedures for management of users and access rights in organizations

Duration

Business impact/ disruption

Cost

Capabilities addressed: IAM.1.1

H

M

M

Work Package example

The CRA library of Work Packages is DXC Intellectual Property. For further information, please contact [email protected]


4. Authentication layer work packages (extract)


Work package mapping: IAM.2.a


Authentication Layer Work Packages

Password Self Service (IAM.2.a)

Configure password self service and registration


Work package mapping: IAM.2.b


Multi-Factor Authentication (IAM.2.b)

Set up two or more distinct authentication systems used together to grant access to systems; develop appropriate policies and procedures for controls


Work package mapping: IAM.2.c


Single Sign-On (IAM.2.c)

Use a single authentication source to authorize access to multiple systems


Work package: IAM.2.a Password self-service

Name: Password Self Service
Work Package ID: IAM.2.a

Purpose and High Level Description:
• Establish single entry web-based solution for end-users to reset or recover forgotten passwords using configurable challenge/response questions
• Provide mobile support to reset password or unlock accounts from different devices
• Delegate password management actions to management and administrators
• Establish strong password policies
• Enforce strong password policies in existing account directory services
• Optional: Provide automatic synchronization of password to selected applications/systems using underlying technology

Staffing Requirements:
• DXC Roles:
  • Security Principal (5 days)
  • 1 x Security Consultant, IAM SME (5 days)
  • 1 x IDM System Engineer (10 days)
• Customer Roles:
  • 1 x Head of Security (3 days)
  • 1 x Application owner (5 days per application)
  • 1 x IAM SME (2 days)

Key Activities:
• Define use cases, password policies, challenge/response authentication
• Define corporate design (logo and colors only)
• Optional: Define integration of Password Self Service into existing corporate portal and/or Windows logon screen (underlying technical limitations may apply)
• Optional: Define overall requirements regarding password synchronization to selected systems (underlying technical limitations may apply)

Deliverables:
• Complemented password management concept including Password Self Service
• Implement technology
• Adapt Password Self Service to corporate design (logo and colors only)
• Testing and documentation
• Client training if applicable
• System handover
• Optional: integration into existing corporate portal and/or Windows logon screen

Workload estimation:
• Estimated project duration = 3 months (depending on the infrastructure complexity)
• Estimated number of man days effort for DXC = 20 man days
• Estimated number of man days effort for Customer = 10 man days
• Hardware and Software costs not included

Business Benefits and Outcomes:
• Reduce operational costs and Help Desk call volume by reducing the number of password resets
• Improve end-user productivity and satisfaction by providing an easy to use web portal for Password Self Service
• Strengthen security through consistent enforcement of password policy
• Optional: Usage of automated password synchronization to selected systems

Business Challenges and Problems Foregoing Commitment:
• High Help Desk call volume regarding password resets or recovery of forgotten passwords
• No single entry solution for end-users to reset or recover forgotten passwords
• No consistent enforcement of password policy across different applications/systems

Duration

Business impact/ disruption

Cost

Capabilities addressed: IAM.2.3 ; IAM.2.4 ; (IAM.2.8)

L

L

L


5. Authorization layer work packages (extract)


Work package mapping: IAM.3.a


Authorization Layer Work Packages

Approval of Access (IAM.3.a)

Identify parties responsible for granting, modifying, or removing access, and configure an approval workflow


Work package mapping: IAM.3.b


Certification of Access (IAM.3.b)

Establish owners of users and applications and develop automated or manual processes to review access


Work package mapping: IAM.3.c


Role Based Access (IAM.3.c)

Data-mine existing access, work with user managers and application owners to develop roles. Configure Identity Manager System to assign roles


Work package mapping: IAM.3.d


Auditing and Reporting of Access (IAM.3.d)

Review and generate reports on access and account usage vs established policy or controls


Work package mapping: IAM.4.a


Privileged Account Discovery & Assessment (IAM.4.a)

Gain complete visibility of privileged user accounts; answers the question “who has privileged access to what?”


Work package mapping: IAM.4.b


Privileged Account and Password Control (IAM.4.b)

Management of privileged accounts and associated passwords including policies, reconciliation, password vaulting, OTP, check in/out, rotation


Work package mapping: IAM.4.c


Privileged Account Monitoring & Session Mgmt. (IAM.4.c)

Session monitoring and recording (flight recorder); auditing and reporting; session proxying


Work package: IAM.3.b Certification of access

Name: Certification of Access
Work Package ID: IAM.3.b

Purpose and High Level Description:
• Provide periodic (on-demand and scheduled) evaluation of access throughout the identity’s full life cycle and ensure granted access is still appropriate as people’s roles and relationships with the business change
• Enables a detective control mechanism to ensure that subsequent access changes are aligned with the user’s current roles and responsibilities
• Review, assess and validate appropriateness of user access to applications, systems and information
• Provides a process to determine the person responsible for periodically reviewing and certifying/recertifying/attesting the access, routing the access certification/recertification/attestation request to the appropriate person, conducting the review and certifying appropriate entitlements, and revoking any inappropriate access
• Generates auditable ‘action item/events’ that can be tracked through the system

Staffing Requirements:
• DXC Roles:
  • 1 x Security Principal (10 days)
  • 1 x IAM Consultant (30+ days)
  • 1 x IAM SME (30+ days)
  • 1 x Project Manager (15+ days)
  • 1 x Operations Support Rep (*if applicable*) (15+ days)
• Customer Roles:
  • 1 x Head of IT Security (3 days)
  • 1 x Chief Information Security Officer (2 days)
  • 1 x Security Architect (4+ days)
  • 1 x Project Coordinator (4+ days)
  • 3 x SMEs (i.e. DBA, IT Support, HR Rep) (30+ days)

Key Activities:
• Define access review scope and approach
• Communicate the approach to stakeholders
• Define the access review process or review and optimize the current process
• Collect and maintain access and entitlement data
• Define and agree with relevant teams and stakeholders the different use cases for process flow
• Configure and deploy the solution with customizations (if required)
• Monitor the outcomes of the entire process, document lessons learned and close the project with appropriate feedback

Deliverables:
• Documented Use cases with identified actors (subjects and objects)
• Documented Access Certification process aligned with business requirements and best practices
• Build and integrate solution package
• End user training and guidance for Production Support
• Access Review and Certification Tool Implementation Run Book

Workload estimation:
• Estimated project duration = 1+ months (depending on environment complexity)
• Estimated number of man days effort for DXC = 85 man days (may vary based on customization)
• Estimated number of man days effort for Customer = 43 man days (may vary based on customization)
• Hardware and Software costs not included

Business Benefits and Outcomes:
• Provide a well managed and trackable medium for Security Team, System and Account Owners and Audit and Compliance Teams
• Managed according to business and operational requirements
• Systems, platforms and application owners are well equipped to control access to their respective environment
• Centralization of processes, procedures and policies
• Reduced manual processes that simplify User Access Review
• Improved auditing and sustainable compliance
• Improved security posture due to frequent review of accesses and entitlements

Business Challenges and Problems Foregoing Commitment:
• Lack of control and visibility on access and entitlements
• Low ROI on the entire IAM program because an inappropriate access review process results in unmanaged and irrelevant access which disregards the entire purpose of the IAM strategy and program
• Ineffective and inefficient audit and compliance which can be a major business risk for regulated industries and sectors

Duration

Business impact/ disruption

Cost

Capabilities addressed: IAM.3.8 ; IAM.3.9 ; IAM.3.10 ; IAM.3.14 ; IAM.3.15

L

L

L


6. Appendix


Blueprint structure


Blueprint structure: Layers

Blueprint layering model 1-page summarized description of all layers

+ 1 page per layer

Blueprint layers, with description and examples of typical issues:

Controls Layer
• Description: Onboard new and existing feeds. Identify and remediate gaps in feeds and controls
• Examples of typical issues: Limited types of data feeds, limited coverage of feeds etc.

Operations Layer
• Description: Deliver a consolidated SOC environment with business-aligned use cases and a service provider model
• Examples of typical issues: No SOC or multiple local SOCs working in silos, poor engagement and information sharing efficiency, etc.

Context & Behavior Layer
• Description: Establish a baseline of normal behavior. Identify which CMDB information can be integrated. Align with critical assets definition
• Examples of typical issues: Inconsistent and incomplete asset and configuration awareness, little contextual information for decision making

Vulnerability Layer
• Description: Identify, integrate and manage vulnerability landscape
• Examples of typical issues: Lack of knowledge of vulnerability landscape to prioritize incident management activities

Intelligence Layer
• Description: Provide a Digital Investigation & Forensics service. Active hunting and threat actor profiling capabilities
• Examples of typical issues: Lack of knowledge of threat landscape, poor detection rate for advanced threat, inconsistent response, etc.

Strategic Layer
• Description: Map Security objectives with business risk profile to help prioritize security investment and decision making
• Examples of typical issues: No defined metrics/KPIs, limited engagement with customers, limited understanding of business impact etc.


Onboard new and existing feeds, identify and remediate gaps in feeds and controls

Supporting background information

Data feeds are absolutely essential to drive improved detection. They bring more events for analysis and provide the basis for more correlation of data. If the necessary feeds are not available there can be a significant impact to security operations, such as:
• Enterprise is dependent on only ‘noisy’ and lower value feeds such as Firewalls and IPS
• The lack of required feeds can mean identified Critical Risk Use Cases cannot be created and acted upon. This results in a large information & security awareness gap
• Where feeds are available in many cases they do not contain the needed information and require retuning
• A lack of feeds can mean that only relatively simplistic use cases can be created. To produce more complex, behavior-orientated and correlated use cases more feeds are required
• Compliance programs need to be aligned with identified detection requirements, which are invariably supported by specific data feeds

Benefits of investing
• Creation of a centralized view of the current state of security of the Enterprise network, enhancing situational awareness, correlation capability and security operational efficiency
• Ability to quickly and efficiently respond to threats, vulnerabilities and incidents
• Ability to respond as and when needed across all departments, business units and local markets
• Regulatory compliance in-line with device control logging, monitoring and analysis

Risks of NOT investing
• Significantly increased risk of a successful attack/breach with possibility of the attack not being detected at all, resulting in a potential financial loss/competitive loss (e.g. IP loss)/brand damage
• Risk of inappropriate and/or incomplete security response to a threat, vulnerability or incident, resulting in a potential financial loss/competitive loss (e.g. IP loss)/brand damage
• Lack of regulatory and audit compliance

• One single picture is used to outline the blueprint
• Layers represent the key functional areas and are mapped to domains
• Relevant subdomains are mapped to layers providing the end-to-end story

[Figure: blueprint diagram. The CRA domains surround the six layers (Controls, Operations, Vulnerability, Intelligence, Context & Behavior, Strategic) and the functions mapped to them.]


Blueprint structure: Work packages

• Each work package has the objective to deploy, set up and implement some capabilities addressing one subdomain (sometimes with dependencies on other subdomains)

Work packages summary list

Work package detailed description

Name: Infrastructure Security Monitoring
Work Package ID: CD.1.a

Purpose and High Level Description:
• Define SIEM Use Cases to support SOC objectives or known threat actors targeting the organization. This has to be done based on the outcomes of several Work Packages helping to profile threat actors (CD.3.c, CD.3.d, CD.4.a, CD.4.b are examples but others as well). This will allow the corresponding alerting to be automated
• Create a «use cases to log source mapping» to identify and justify onboarding of new log sources
• To support the deployment of identified use cases, define the requirements for log policy, log generation and log storage, for critical IT security infrastructure for SIEM Part 1 project (MS domain controllers, firewalls, VPN GW, DHCP, DNS, email GW, web proxies, NIPS, endpoint threat management solutions, sandboxing solutions, “touched” devices etc.)
• Define logging setting changes to be made on targeted systems to allow proper logging
• Define or revisit and update SIEM architecture requirements to support additional onboarding of log sources
• Perform design and sizing impact analysis of the current solution if any and upgrade the existing SIEM solution or define a new solution, to support additional requirements and to support new use cases
• Review and update security incident management and incident response processes if necessary (dependency on Work Package CD.2.b)
• Define the transformation plan to deploy the log policy across the environment
• Define the transformation plan to upgrade the existing SIEM solution or to deploy a new solution as well as use cases implementation
• Execute the transformation plan

Ideally, if affordable during phase 1 (optional):
• Integrate the Asset Management system as an information source to optimize prioritization decision making (make sure to obtain Asset name, Host name, IP@, MAC@, Asset classification as a minimum)
• Integrate IPAM information (IP subnets, start address, end address, classification)
• Integrate NetFlow information from core networks (could be filtered first with another tool before feeding into the SIEM) for at least 1 day history
• Define the requirements for log protection (including separation of duty and compliance requirements)

Staffing Requirements:
• DXC Roles:
  – 1 x Security Principal (10 days)
  – 1 x Program Director (5 days)
  – N x Security Consultant & Security Architect (25 days)
  – 2 x SIEM SMEs (100 days)
  – 1 x Content SME (50 days)
  – 1 x Account Security Officer (15 days)
  – 1 x SME per o/s platform (Wintel, Linux/Unix, Mainframe, VMWare, network security infra. components, applications, etc.) (~30 days)
  – 1 x Project Manager (45 days or 50% of time)
• Customer Roles:
  – 1 x Head of IT Security (3 days)
  – 1 x Chief Information Security Officer (2 days)
  – 1 x Head of Security Operations (2 days)
  – 1 x Head of Risk Management, Group Internal Auditor (2 days)
  – 1 x Program Director (5 days)
  – 1 x Project Coordinator (5 days)

Key Activities:
1) Perform Project initiation and team briefings
2) Define use cases
3) Perform Current State Assessment to establish critical infrastructure and asset feeds
4) Define both technical and service requirements
5) Create a detailed technical and service design
6) Build
7) Test
8) Deploy

Deliverables:
• Project Plan & Schedule, Processes & Plans including Test Plan and Success Criteria
• SIEM solution deployment, onboarding of feeds, implementation of use cases and fine tuning
• SIEM architecture and standard service documentation update including use cases
• Existing security processes updated with corresponding use cases

Workload estimation:
• Estimated project duration = 9 months
• Estimated number of man days effort for DXC = 210 man days
• Estimated number of man days effort for Customer = 19 man days
• Hardware and Software costs not included

Business Benefits and Outcomes:
• Ability to achieve faster identification of incidents and mitigation of threats by implementing the Cyber Defense Strategy and SIEM Phase I; centralized log management and alerting solution
• A more complete view of security throughout the infrastructure
• A more accurate and integrated security incident & response process. Less downtime through an integrated and experienced response process
• Reduced cyber risk by implementing key log policies and improved security incident handling processes
• 24x7x365 rapid response from a highly experienced and industry-certified global security incident response team

Business Challenges and Problems Foregoing Commitment:
• Breaches of information security (e.g. loss of confidentiality, integrity and availability). Intellectual property theft (trade secrets, competitive information, IP theft, secured collaboration)
• Breaches of legal, regulatory or contractual requirements (legal exposure, data loss, privacy breaches, information leakage, etc.)
• Less visibility of events and hack attempts across the entire estate
• Lack of proactive monitoring and addressing threats, reacting to security incidents
• Loss of business and financial value
• Damage to reputation
• Productivity loss, disruption of plans and deadlines, impaired operations (internal or third parties)

Capabilities addressed: CD.1.1 ; CD.1.2 ; CD.1.3 ; CD.1.4 ; CD.1.5 ; CD.1.7 ; CD.1.8

Evaluation criteria (Duration, Business impact/disruption, Cost): L, M, M


SOC Foundation Key Work Packages
• Infrastructure Security Monitoring (CD.1.a): Centralized storage of normalized data. Detect security incidents quickly based on Use Cases. Comprehensive breadth & depth of collection of events across the infrastructure
• Assess / define SOC processes (CD.2.a): Monitor and analyze security events 24 x 7 x 365

Work packages mapping to subdomains


Work package structure

• WP title
• Reference Number
• Description of the WP’s scope and objective along with some solution requirements
• Key activities to be executed as part of this work package
• Deliverables: what will be provided/delivered to the customer once WP is completed
• Staffing estimation provided for DXC and for the customer
• Workload estimation summary and elapsed time to complete the work package
• Expected benefits from successful delivery of this project
• Impacts to the customer by not implementing this WP
• List of Capabilities addressed by the WP
• Evaluation criteria



Subdomain, capability and work package ID assignment rules

Subdomains

An ID for a subdomain is made up of:
• The acronym for its parent domain (for example, “CD” for “Cyber Defense”)
• The position of the subdomain in the header of the matrix
Example: the ID of “Security Monitoring” subdomain will be “CD.1”

Capabilities

An ID for a capability is defined by its position in the matrix and is made up of:
• The ID of the subdomain it belongs to
• Its row number in the matrix
Example: the ID of “Big Data Security Analytics” Capability will be “CD.6.1”

Work packages

An ID for a work package is made up of:
• The ID of the subdomain it is related to
• A lowercase letter (‘a’, ‘b’, ‘c’, etc.)
Example: The IDs of work packages related to CD.1 subdomain can be CD.1.a, CD.1.b, CD.1.c etc.

Work package evaluation criteria

• Cost: Low if < USD 100k; Medium if USD 100-500k; High if > USD 500k
• Duration: Low if < 3 months; Medium if 3-6 months; High if > 6 months
• Business Impact/Disruption: Low; Medium; High

[Figure: Cyber Defense capability matrix. Columns CD.1 to CD.6 are the subdomains, rows 1 to 13 are the capabilities. Highlighted examples: CD.1 Security Monitoring; CD.6 Security Analytics with its capability Big Data Security Analytics.]

Capabilities shown in the matrix, by subdomain:

Security Monitoring
• Log Policy Definition
• Log Management
• Monitoring & Alerting Processes
• Log Correlation
• Event Query
• Log Integrity
• Use Case Management
• Log Reporting
• Shift-Handover Process
• Daily Operations Meeting Procedure

Security Incident Response & Remediation Mngt
• Incident & Defect Notification
• CERT & Authority Information Request
• Incident Analysis
• Incident Triage
• Root Cause Analysis
• Incident Validation
• Incident Classification
• Incident Mitigation & Remediation
• Incident Recovery
• Crisis Communication
• Incident Reporting
• Crisis Leadership & Organization
• Escalation Procedure

Threat Intelligence & Profiling
• Threat Intelligence Platform
• Cyber Threat Intelligence Sources
• Threat Actor Profiling
• Cyber Threat Intelligence Sharing
• Malware Analysis
• Security Trends
• Technical Threat Modeling
• Threat Intelligence Knowledge Management

Digital Investigation & Forensics
• Digital Investigations
• Digital Forensics
• E-Discovery
• Active Threat Hunting

Vulnerability Management
• Static Code Analysis
• Dynamic Code Analysis
• Social Engineering
• Penetration Testing
• Vulnerability Remediation
• Attack Simulation
• Vulnerability Scanning
• Patch Management
• Vulnerability Notification
• Vulnerability Monitoring
• Vulnerability Validation & Criticality
• Vulnerability Research

Security Analytics
• Big Data Security Analytics
• Baselining
• Social Media Analysis
• Data Anomaly Detection
• Network Anomaly Detection
• User Behavior Analysis
• Privileged Threat Analytics
• DNS Analytics
• Technical Attack Reconstruction & Visualization