IAM in TwC

I attended the 2006 Microsoft EE & TwC Forum recently and tried to find out if there is any relationship between IAM and TwC. It is interesting that TwC (Trustworthy Computing) has Identity and Access Control as a grandchild. At the top level, TwC has four children, referred to as the 4 pillars: 1. Security 2. Privacy 3. Reliability 4. Business Practices…


IAM Strategy

IAM is a combination of processes, technologies, and policies enabled by software to manage digital identities throughout their lifecycle and specify how they are used to access resources. IAM is a superset of AAA (Authentication, Authorization, Auditing)*. Here are some general strategies for enterprises to consider: Obtain executive sponsorship because IAM is an important part of…


Authentication Strategy

Authentication is the procedure through which a user, a device, or a service (or application) provides sufficient credentials to satisfy access requirements to another service, application, or system. User Authentication Strategy:
· Prepare and plan for Strong User Authentication
· Educate line of business application owners to use standard OS and directory protocol authentication and avoid application custom…


Authorization Strategy

Authorization (or establishment or entitlement) defines a user’s (or process’) rights and permissions to a resource. After a user (or process) is authenticated, authorization determines what that user can do to the resource. Here are some authorization strategies to improve security:
· By default, grant users no rights and permissions
· Grant users least privileged rights and permissions on “need to…


Auditing Strategy

Auditing (also referred to as Audit, Accounting, or Accountability) ensures that the activities associated with user access are logged for monitoring, regulatory and investigative purposes. Auditing strategies for IAM to be compliant: Identify the regulations your company must comply with, such as SOX (Sarbanes-Oxley), HIPAA (Health Insurance Portability and Accountability Act), GLBA (Gramm-Leach-Bliley Act), Basel II. Assess current compliance…


Systems Management Strategy

Digital identities include not only people but also devices, such as machine accounts and machine certificates, and applications (or software services). Therefore, there is a small area of overlap between systems management and IAM. Although systems management is another big area in IT, you should have a good understanding of systems management in order to figure out where the common area…
