Title:
Identity and access management : business performanve through connected intelligence
Personal Author:
Publication Information:
Amsterdam : Syngress, an imprint of Elsevier, 2014.
Physical Description:
xxix, 618 pages : illustrations ; 24 cm
ISBN:
9780124081406
Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 30000010285184 | QA76.9.A25 O78 2013 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
Identity and Access Management: Business Performance Through Connected Intelligence provides you with a practical, in-depth walkthrough of how to plan, assess, design, and deploy IAM solutions. This book breaks down IAM into manageable components to ease systemwide implementation. The hands-on, end-to-end approach includes a proven step-by-step method for deploying IAM that has been used successfully in over 200 deployments. The book also provides reusable templates and source code examples in Java, XML, and SPML.
Author Notes
Ertem Osmanoglu is a Partner and Principal in the IT Advisory Services practice in Ernst Young's Financial Services Office (FSO) based in New York. He is the Identity and Access Management (IAM) service line leader in FSO. He is a results-oriented business leader, who has managed and coordinated complex programs and projects for large global clients with identity and access management, information security, e-business strategy, risk management, and compliance service needs. He is a frequent speaker at industry events, the author of Security Architecture: Design, Deployment, and Operations (McGraw-Hill)
Table of Contents
| Foreword | p. xiii |
| Preface | p. xv |
| Introduction | p. xvii |
| Acknowledgments | p. xxiii |
| Author and Editor Biographies | p. xxv |
| Section 1 Business Case and Current State | |
| Chapter 1 Business Requirements and Business Case Development | p. 3 |
| Introduction | p. 3 |
| An IAM Business Case: What Is It, Exactly? Why Is It Important? | p. 4 |
| Types of Business Cases for IAM | p. 5 |
| The Risk and Compliance Business Case | p. 5 |
| The Operational Effectiveness or Cost Savings Driven Business Case | p. 6 |
| The Business Enablement Driven Business Case | p. 7 |
| A Strategic Approach to Developing an IAM Business Case | p. 7 |
| Identify, Analyze, and Engage Key Stakeholders | p. 8 |
| Understand Decision-Making Process and Roles | p. 11 |
| Reexamine IAM Scope, Requirements, and Define Program Objectives | p. 11 |
| Develop Alternative IAM Solutions | p. 12 |
| IAM Strategy and Vision | p. 12 |
| Analyze Alternatives and Select "To Be" State | p. 13 |
| Baseline Current Capabilities and Costs | p. 13 |
| Develop Risk Mitigation Strategy | p. 15 |
| Detail Business Case Justification: Costs and Benefits | p. 17 |
| Develop and Describe High-Level Roadmap | p. 17 |
| Document the Compelling Business Case Report | p. 17 |
| Summary | p. 19 |
| Appendix A Sample Table of Contents for Requirements | p. 19 |
| Appendix B Sample Requirements Document | p. 19 |
| Chapter 2 IAM Framework, Key Principles and Definitions | p. 47 |
| IAM Defined | p. 47 |
| IAM Framework | p. 49 |
| Governance | p. 50 |
| Identity and Credential | p. 50 |
| Access | p. 51 |
| Authoritative Sources | p. 52 |
| Administration and Intelligence | p. 54 |
| Chapter 3 Current State and Capability Maturity | p. 55 |
| IAM Capability Maturity Framework | p. 61 |
| Governance | p. 61 |
| Identity and Credential | p. 65 |
| Access | p. 77 |
| Authoritative Sources | p. 79 |
| Administration and Intelligence | p. 84 |
| Sample Work-Products and Artifacts | p. 88 |
| Appendix A Sample Current State Assessment Report | p. 89 |
| Appendix B Sample Maturity Assessment-Summary View | p. 113 |
| Chapter 4 Common Challenges and Key Considerations | p. 117 |
| Theme 1 Governance | p. 117 |
| Theme 2 Program Delivery | p. 121 |
| Theme 3 Sustain Compliance | p. 121 |
| Theme 4 Identity Lifecycle | p. 121 |
| Theme 5 Control Access | p. 125 |
| Theme 6 Operations | p. 125 |
| Conclusion | p. 134 |
| Chapter 5 Case Study: Access Reviews | p. 135 |
| Section 2 Future State and Roadmap | |
| Chapter 6 Future State Definition | p. 141 |
| Introduction | p. 141 |
| Stages of IAM Future State Definition | p. 142 |
| Future State Vision and Guiding Principles | p. 142 |
| Future State Conceptual Design | p. 146 |
| Future State Detailed Design | p. 148 |
| Conclusion | p. 164 |
| Chapter 7 IAM Roadmap and Strategy | p. 165 |
| Developing an IAM Roadmap | p. 165 |
| Key Components of an IAM Roadmap | p. 166 |
| Conclusion | p. 175 |
| Chapter 8 Identity and Access Intelligence: A Risk-Based Approach | p. 177 |
| A Risk-Based Approach to IAM | p. 177 |
| Peer Group and Outlier Analysis | p. 181 |
| Sorting Method | p. 182 |
| Regression Methods | p. 183 |
| Request/Approval and Provisioning Considerations | p. 186 |
| Review and Certification Considerations | p. 186 |
| Role Analysis | p. 187 |
| Resource Allocation and Analysis | p. 188 |
| Account and System Usage Analysis | p. 189 |
| Risk and Fraud Systems Integration | p. 190 |
| Conclusion | p. 191 |
| Chapter 9 Enabling Business Through Cloud-Based IAM | p. 193 |
| Introduction | p. 193 |
| IAM Cloud Deployment Models | p. 194 |
| IAM Cloud Service Models | p. 197 |
| IAM Cloud Security and Risk Management | p. 200 |
| Conclusion | p. 202 |
| Chapter 10 Case Study: Future State-Finding a Way Out of the Labyrinth | p. 203 |
| Section 3 Implementation | |
| Chapter 11 Implementation Methodology and Approach | p. 211 |
| Implementation Methods | p. 211 |
| Plan and Diagnose | p. 214 |
| Define and Design | p. 218 |
| Develop and Deliver | p. 219 |
| Adopt and Sustain | p. 226 |
| Conclusion | p. 227 |
| Chapter 11 Appendix 1-IAM Implementation Toolkit | p. 227 |
| Chapter 11 Appendix 1.1IAM Implementation-Sample Project Charter | p. 227 |
| Chapter 11 Appendix 1.2 IAM Implementation-Sample Project Plan | p. 248 |
| Chapter 11 Appendix 1.3 IAM | p. 249 |
| Chapter 11 Appendix 1.4 IAM Implementation-Sample Run Book | p. 308 |
| Chapter 11 Appendix 1.5 IAM Implementation-Sample Communications Governance | p. 365 |
| Chapter 11 Appendix 1.6 IAM Implementation-Sample Issue Tracking Log | p. 379 |
| Chapter 11 Appendix 1.7 IAM Implementation-Sample Workstream Status Template | p. 383 |
| Chapter 11 Appendix 1.8 IAM Implementation-Sample Interview Tracker | p. 385 |
| Chapter 11 Appendix 1.9 IAM Implementation-Sample Meeting Notes Template | p. 388 |
| Chapter 12 Access Request, Approval, and Provisioning | p. 391 |
| System Overview and Key Components | p. 393 |
| Request System | p. 394 |
| Workflow System | p. 396 |
| Provisioning System | p. 398 |
| HR System | p. 400 |
| IAM Data Management | p. 401 |
| Conclusion | p. 402 |
| Chapter 13 Enforcement | p. 405 |
| Introduction | p. 405 |
| Authentication | p. 405 |
| Single-Factor Authentication | p. 407 |
| Multifactor Authentication | p. 408 |
| Authentication Implementation Approaches | p. 412 |
| Risk-Based Adaptive Authentication | p. 413 |
| SSO Systems | p. 415 |
| Directory Services | p. 417 |
| Centralized Versus Decentralized Authentication | p. 418 |
| Federated IAM | p. 419 |
| Authorization | p. 423 |
| Initial Stage Application Architectures | p. 423 |
| Centralized Authentication and Coarse-Grained Authorization | p. 425 |
| Central Authentication and Fine-Grained Authorization | p. 429 |
| Choosing an Application Authorization Architecture | p. 430 |
| Logging and Monitoring | p. 433 |
| Conclusion | p. 434 |
| Chapter 14 Access Review and Certification | p. 437 |
| Benefits and Objectives | p. 438 |
| Access Review and Certification Processes | p. 438 |
| Access Review and Certification Scope and Approach | p. 438 |
| Communicating with Stakeholders and Participants | p. 453 |
| Collecting and Managing Data | p. 453 |
| Executing the Access Review and Certification Process | p. 455 |
| Executing Access Remediation | p. 457 |
| Monitoring and Closing Out | p. 458 |
| Conclusion | p. 458 |
| Chapter 15 Privileged Access Management | p. 461 |
| Understanding Privileged Access | p. 461 |
| Key Business Drivers | p. 462 |
| Malicious Use of Privileged Access | p. 463 |
| Privileged Access Management Program | p. 464 |
| Technical Enablers for Privileged Access Management | p. 467 |
| Password Vaulting Solutions | p. 467 |
| Privilege Escalation | p. 468 |
| Privileged Access Life-Cycle Management | p. 470 |
| Enforcement Through Authentication and Directory Services | p. 471 |
| Conclusion | p. 477 |
| Chapter 16 Roles and Rules | p. 479 |
| A Brief History of Access Control Models | p. 483 |
| RBAC Key Concepts | p. 488 |
| Rules and Enforcement | p. 492 |
| The RBAC Model and the Access Management Life Cycle | p. 498 |
| Enterprise Roles | p. 498 |
| Functional Roles | p. 501 |
| IT Roles | p. 502 |
| Appling the RBAC Model | p. 503 |
| RBAC Implementation Considerations | p. 505 |
| RBAC Approach and Methodology | p. 505 |
| Planning | p. 505 |
| Risk Ranking | p. 510 |
| Role Analysis/Role Mining | p. 510 |
| Role Definition Reporting | p. 511 |
| Ongoing Role Management | p. 512 |
| Guiding Principles and Lessons Learned | p. 514 |
| Role Definition | p. 514 |
| Ownership | p. 514 |
| Role Management Processes and BAU Operation | p. 514 |
| RBAC High-Level Roadmap-a Phased Approach | p. 515 |
| Lessons Learned | p. 515 |
| Conclusion | p. 518 |
| Appendix Sample RBAC Work Products and Artifacts | p. 519 |
| Appendix A Sample-Processes and Governance Process | p. 520 |
| Appendix B Sample-RBAC Role Management Processes | p. 533 |
| Chapter 17 IAM Product Selection | p. 565 |
| The IAM Product Selection and Decision Framework | p. 566 |
| Collect | p. 566 |
| Analyze | p. 574 |
| Compare | p. 576 |
| Select | p. 578 |
| Conclusion | p. 581 |
| Chapter 18 Case Study: Implementation | p. 583 |
| Background and Issues | p. 583 |
| The Proposed Remediation Plan and Key Decisions | p. 584 |
| The Introduction of Remediation Risks | p. 585 |
| What Happened? | p. 586 |
| Final Results and Impact on the Organization | p. 588 |
| Lessons Learned | p. 588 |
| Case Study Questions | p. 590 |
| Section 4 Identity and Access Management Forecast | |
| Chapter 19 The Future of Identity and Access Management | p. 593 |
| 1 Password-Based Authentication. To Paraphrase Mark Twain, the Reports of its Death Have Been Greatly Exaggerated | p. 593 |
| Cheap | p. 594 |
| Easy | p. 594 |
| Existing Standard | p. 594 |
| Insufficient Recognition of the Need for Change | p. 595 |
| 2 It's Not Your Voice That Will Be Your Password, but It Will Be Your Phone | p. 595 |
| Secure Hosting of Credentials | p. 596 |
| Sensors | p. 596 |
| Low Cost | p. 597 |
| 3 Biometrics Authentication Will Remain a Niche for Primary Authentication | p. 597 |
| Lack of Infrastructure | p. 598 |
| User Acceptance | p. 598 |
| Personal Safety and Privacy | p. 598 |
| 4 Access Decision-Making Will Become Context Aware | p. 599 |
| 5 The Identity Ecosystem Will Finally Emerge | p. 600 |
| 6 Privacy Will Take a Back Seat to Security | p. 602 |
| 7 Increasing Use of Cloud Services Will Drive Adoption of Federated Authentication | p. 604 |
| 8 Entitlement Management Will Shift from Being Technology Centric to Business Centric | p. 604 |
| 9 Access Governance Will Become (Near) Real Time | p. 606 |
| 10 Identity Repositories Will Move Out of HR | p. 607 |
| Conclusion | p. 608 |
| Bibliography | p. 609 |
| Index | p. 611 |
