Identity - All Articles - CISO Platform2024-03-28T11:25:21Zhttps://www.cisoplatform.com/profiles/blogs/feed/tag/IdentityA CISO Guide to Privilege Identity&Access Management(PIM) Implementationhttps://www.cisoplatform.com/profiles/blogs/a-ciso-guide-to-privilege-identity-access-management-pim-implemen2014-09-09T13:00:00.000Z2014-09-09T13:00:00.000Zprithahttps://www.cisoplatform.com/members/pritha<div><p><strong><a href="http://ww.cisoplatform.com/profiles/blogs/a-ciso-guide-to-privilege-identity-access-management-pim-implemen" target="_blank"><img src="http://i58.tinypic.com/98bqe8.jpg" class="align-left" alt="98bqe8.jpg" /></a><br /></strong><br /><strong>Achieved Solution Benefits</strong></p>
<p><strong>To mitigate risk</strong></p>
<ul>
<li>Prevent access breaches through privileged accounts</li>
<li>Monitor activities carried out by privileged users</li>
<li>Enforce accountability for use of generic privileged accounts</li>
<li>Enforce granular access restrictions as required by user roles</li>
<li>Limit privileges of admin accounts</li>
<li>Maintain a complete audit trail of privileged activities (i.e. audit logs / screen recording of every session)</li>
</ul>
<p><strong>To improve efficiency</strong></p>
<ul>
<li>Reduce the management overhead of maintaining a large number of passwords by using a password vault</li>
<li>Single Sign On (SSO) – for servers/databases/network elements/URLs/thick clients</li>
<li>Securely extend access to remote vendors (i.e. OTP-based, time-based access)</li>
<li>Audit Logs / Screen Recording of every session</li>
<li>Authorization Workflow</li>
<li>Central reporting & alerting (SMS & email alerts)</li>
</ul>
<p><strong>To ensure compliance</strong></p>
<ul>
<li>Comply with regulations and standards (SoD principle, ISO 27001 reports)</li>
<li>Meet password policy compliance requirements</li>
</ul>
<p>The solution evaluation checklist must focus on functionality, security, vendor profile, integration, ease of implementation and total cost of ownership. Here is a complete comparison of Iraje, CA ControlMinder and Arcos, together with the comparison parameters.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/a-ciso-guide-to-privilege-identity-access-management-pim-implemen" target="_blank"><img src="http://i57.tinypic.com/2ebscok.png" class="align-full" alt="2ebscok.png" /></a></p>
<p><em>-With Saurabh Kaushik, Head - IT Security, Lupin Group on Privilege Identity & Access Management (PIM) Implementation</em></p>
</div>11 Ways To Measure The Effectiveness Of Your Identity & Access Management (IAM) Solutionhttps://www.cisoplatform.com/profiles/blogs/11-measure-effectiveness-identity-access-management-solution2016-02-12T11:30:00.000Z2016-02-12T11:30:00.000Zprithahttps://www.cisoplatform.com/members/pritha<div><p>Identity Access Management (IAM) is the set of business policies, frameworks and processes that ensures the right person has access to the right assets and resources. IAM solutions can deliver intangible benefits that increase revenue as well as tangible benefits that reduce cost.</p>
<p>Here are <strong>11 Ways To Measure The Effectiveness of your Identity Access Management (IAM)</strong> solution:</p>
<ul>
<li><strong>Average number of distinct accounts (credentials) per user:</strong><br /> Generally an organisation has multiple accounts per user. <span>Identity Access Management (IAM)</span> solutions can help organisations reduce this number to close to one using their <strong>SSO (Single Sign On) functionality</strong>.</li>
<li><strong>Number of unused accounts:</strong><br /> An Identity Access Management (IAM) solution can also help in <strong>reducing the number of unused/uncorrelated accounts</strong>. Uncorrelated accounts are accounts that have no owner; they arise from promotions, transfers and termination of workforce. These uncorrelated accounts create risk for the company if they are hijacked by outsiders.</li>
<li><strong>Number of orphaned accounts:</strong><br /> These are privileged accounts without an owner. With an effective <span>Identity Access Management (IAM)</span> solution, this metric should come down.</li>
<li><strong>Number of new accounts provisioned:</strong><br /> The number of new accounts provisioned should equal the number of new joiners. A significant difference between these two numbers indicates that your IAM solution is not providing correct identity data.</li>
<li><strong>Number of exceptions per access re-certification cycle:</strong><br /> An exception is a case where a user is assigned rights he/she should not have. A high number of exceptions can be due to poor identity data or an access-process problem (the persons requesting re-certification do not have all the information required).</li>
<li><strong>Password policy effectiveness:</strong><br /> To measure the effectiveness of your IAM solution you can check the password reset data for a period, say one month. With an effective Identity Access Management (IAM) solution this volume should tend to go down. If it does not, there may be issues with the password policies and password management of your organisation.</li>
<li><strong>Average time to provision and de-provision a user:</strong><br /> With an effective Identity Access Management (IAM) solution, this metric should come down. Most of the time, if someone is not getting timely access, backend processes are responsible. This indicates that you should work on your business processes.</li>
<li><strong>Average time to provide an authorization:</strong><br /> With an effective <span>Identity Access Management (IAM)</span> solution, this metric should come down. It provides insight into the efficiency of an organisation's approval processes; knowing the time taken helps to resolve bottlenecks and improve outdated processes.</li>
<li><strong>Average time to make changes in identity policies:</strong><br /> With an effective Identity Access Management (IAM) solution, this metric should come down, as IAM solutions <strong>can aid centralisation of policies</strong>. Changes are therefore faster than with traditional approaches, and organisation-wide changes can be made easily.</li>
<li><strong>Violation of separation of duties:</strong><br /> With an effective <span>Identity Access Management (IAM)</span> solution, this metric should come down. The organisation should implement preventive controls to monitor these violations, report them and orchestrate their remediation.</li>
<li><strong>Reduced identity management cost:</strong><br /> With an effective Identity Access Management (IAM) solution, the cost of managing a large identity store should come down. An effective IAM solution provides the capability to expand the organisation’s people and IT resources without increasing the IT staff.</li>
</ul>
</div>Top 7 Talks On Identity & Access Management From RSA Conferencehttps://www.cisoplatform.com/profiles/blogs/top-7-talks-on-identity-amp-access-management-from-rsa-conference2018-06-20T09:30:00.000Z2018-06-20T09:30:00.000ZKuladeep Tummalahttps://www.cisoplatform.com/members/KuladeepTummala<div><p><span>Our editorial team has handpicked the best of the best talks at RSA Conference, one of the largest IT security conferences in the world. Following is the list of top talks on Identity & Access Management at RSA Conference USA 2018.<br /> <br /> RSA Conference held its event in San Francisco, CA at the Moscone Center & Marriott Marquis and brought together a record number of 50,000 attendees. Attendees experienced keynotes, peer-to-peer sessions, top-notch track sessions, tutorials and seminars. Keynotes, sessions and debates focused on new attack techniques, encryption, artificial intelligence, machine learning, Internet of Things, cloud security & virtualization and many more.<br /> <br /> (Source: RSA Conference USA 2018)</span></p>
<p><span><a href="http://www.cisoplatform.com/profiles/blogs/adventures-in-open-banking-understanding-oauth-and-openid-client" target="_blank"><img src="http://i68.tinypic.com/2jbp5wm.jpg?width=750" width="750" class="align-full" alt="2jbp5wm.jpg?width=750" /></a></span></p>
<p><span>1. <a href="http://www.cisoplatform.com/profiles/blogs/adventures-in-open-banking-understanding-oauth-and-openid-client" target="_blank">Adventures in Open Banking: Understanding OAuth and OpenID Client Ecosystems</a></span></p>
<p><span>Speaker: Pamela Dingle</span></p>
<p><span>What happens when you need to create an open API ecosystem with robust security requirements, in a short period of time, implemented by conservative entities and mandated across the entire EU? Enter the complex world of Open Banking. In this talk, Pam Dingle will unpack the thrills and chills of the standards profiles and security measures that form the OpenID Foundation’s UK Open Banking profile.</span></p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/adventures-in-open-banking-understanding-oauth-and-openid-client" target="_blank">>>Go To Presentation</a></p>
<p><span><a href="http://www.cisoplatform.com/profiles/blogs/can-blockchain-enable-identity-management" target="_blank"><img src="http://i64.tinypic.com/vhx1zc.jpg?width=750" width="750" class="align-full" alt="vhx1zc.jpg?width=750" /></a></span></p>
<p><span>2. <a href="http://www.cisoplatform.com/profiles/blogs/can-blockchain-enable-identity-management" target="_blank">Can Blockchain Enable Identity Management?</a></span></p>
<p><span>Speakers: Kurt Lieber, Prakash Sundaresan</span></p>
<p><span>Blockchain continues to gain traction in the marketplace as a compelling solution for making identity and access management (IAM) more cost-effective by harnessing the power of distributed members in order to “crowdsource” identity services. This session will review an attempt to prove this hypothesis through a proof-of-concept (POC) built for a not-for-profit healthcare consortium.</span></p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/can-blockchain-enable-identity-management" target="_blank">>>Go To Presentation</a></p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/fool-proof-protecting-digital-identity-in-the-age-of-the-data" target="_blank"><img src="http://i67.tinypic.com/10yjqzq.jpg?width=750" width="750" class="align-full" alt="10yjqzq.jpg?width=750" /></a></p>
<p><span>3. <a href="http://www.cisoplatform.com/profiles/blogs/fool-proof-protecting-digital-identity-in-the-age-of-the-data" target="_blank">Fool Proof: Protecting Digital Identity in the Age of the Data Breach</a></span></p>
<p><span>Speakers: Gregory Crabb, Paul Grassi</span></p>
<p><span>In the age of the data breach there are no more secrets. Name, address, date of birth and Social Security number have been the de facto identity attributes for years. But as this information has become more exposed, it’s time for organizations to rethink identity proofing and take a more holistic approach to knowing who they are doing business with online.</span></p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/fool-proof-protecting-digital-identity-in-the-age-of-the-data" target="_blank">>>Go To Presentation</a></p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/identity-based-security-and-privacy-for-the-internet-of-things" target="_blank"><img src="http://i67.tinypic.com/11kcwtl.png?width=750" width="750" class="align-full" alt="11kcwtl.png?width=750" /></a></p>
<p><span>4. <a href="http://www.cisoplatform.com/profiles/blogs/identity-based-security-and-privacy-for-the-internet-of-things" target="_blank">Identity-Based Security and Privacy for the Internet of Things</a></span></p>
<p><span>Speaker: Robert Brown</span></p>
<p><span>The Internet of Things presents both a challenge and an opportunity for identity management: a challenge because existing mechanisms for authentication & authorization must be extended and adapted to the particular constraints of devices (both legacy and new), and an opportunity because the devices that users increasingly carry with them offer new ways to enable a more seamless authentication experience for those users. Both of these aspects demand a consistent, cohesive and interoperable identity layer across IoT verticals, platforms and protocols. Critically, we need an identity layer that acknowledges the full continuum of risk (and so of appropriate security measures) that the IoT presents. Good security means knowing who entities (both device & user) are and what they should or should not be allowed to do. Good privacy requires that users be able to control how their devices collect, store and share data. This talk will examine how existing & new tools (like OAuth, UMA, FIDO and DLTs) may help meet these fundamental requirements for securing the IoT.</span></p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/identity-based-security-and-privacy-for-the-internet-of-things" target="_blank">>>Go To Presentation</a></p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/oauth-2-0-threat-landscapes" target="_blank"><img src="http://i66.tinypic.com/316kmlg.png?width=750" width="750" class="align-full" alt="316kmlg.png?width=750" /></a></p>
<p><span>5. <a href="http://www.cisoplatform.com/profiles/blogs/oauth-2-0-threat-landscapes" target="_blank">OAuth 2.0 Threat Landscapes</a></span></p>
<p><span>Speaker: Prabath Siriwardena</span></p>
<p><span>OAuth 2.0 is at the heart of OpenID Connect, Mobile Connect, UMA and many other popular standards. Understanding the threat landscape of OAuth 2.0 is essential to building a secure identity infrastructure. This talk will guide you through multiple attacks that took place over the last couple of years, their root causes, and how to mitigate future security exploits by following best practices.</span></p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/oauth-2-0-threat-landscapes" target="_blank">>>Go To Presentation</a></p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/passwords-and-fingerprints-and-faces-oh-my-comparing-old-and-new" target="_blank"><img src="http://i68.tinypic.com/2vi2drr.jpg?width=750" width="750" class="align-full" alt="2vi2drr.jpg?width=750" /></a></p>
<p><span>6. <a href="http://www.cisoplatform.com/profiles/blogs/passwords-and-fingerprints-and-faces-oh-my-comparing-old-and-new" target="_blank">Passwords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication</a></span></p>
<p><span>Speaker: Jackson Shaw</span></p>
<p><span>People use more passwords today than ever before. But with the advent of Apple’s latest iPhone releases and its TouchID and FaceID technologies, we’ll begin to see wider acceptance of biometric methods like fingerprint and facial scanning. This session will assess the security of these methods compared to the tried and true password.</span></p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/passwords-and-fingerprints-and-faces-oh-my-comparing-old-and-new" target="_blank">>>Go To Presentation</a></p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/risk-based-approach-to-deployment-of-omnichannel-biometrics-in" target="_blank"><img src="http://i65.tinypic.com/2rx72ad.jpg?width=750" width="750" class="align-full" alt="2rx72ad.jpg?width=750" /></a></p>
<p><span>7. <a href="http://www.cisoplatform.com/profiles/blogs/risk-based-approach-to-deployment-of-omnichannel-biometrics-in" target="_blank">Risk-Based Approach to Deployment of Omnichannel Biometrics in Sberbank</a></span></p>
<p><span>Speakers: Leyla Goncharenko, Anton Mitrofanov</span></p>
<p><span>This session will present a case study of the innovative approach that Sberbank has taken to implement biometrics in a bank with over 100M customers. The speakers will share best practices in designing an omnichannel user experience for customers, and how a risk-based approach and machine learning helped them build an intelligent system that is gentle on legitimate users and hard on fraudsters.</span></p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/risk-based-approach-to-deployment-of-omnichannel-biometrics-in" target="_blank">>>Go To Presentation</a></p></div>