Table Of Content

Identity and Access Management This pageintentionallyleftblank Identity and Access Management Business Performance Through Connected Intelligence Ertem Osmanoglu AMSTERDAM(cid:1)BOSTON(cid:1)HEIDELBERG(cid:1)LONDON NEWYORK(cid:1)OXFORD(cid:1)PARIS(cid:1)SANDIEGO SANFRANCISCO(cid:1)SINGAPORE(cid:1)SYDNEY(cid:1)TOKYO SyngressisanimprintofElsevier Publisher:StevenElliot EditorialProjectManager:BenjaminRearick ProjectManager:MalathiSamayan Designer:MarkRogers SyngressisanimprintofElsevier 225WymanStreet,Waltham,MA02451,USA Copyrightr2014Ernst&Young,LLP.PublishedbyElsevierInc.Allrightsreserved Nopartofthispublicationmaybereproducedortransmittedinanyformorbyanymeans,electronic ormechanical,includingphotocopying,recording,oranyinformationstorageandretrievalsystem,without permissioninwritingfromthepublisher.Detailsonhowtoseekpermission,furtherinformationaboutthe Publisher’spermissionspoliciesandourarrangementswithorganizationssuchastheCopyrightClearance CenterandtheCopyrightLicensingAgency,canbefoundatourwebsite:www.elsevier.com/permissions. ThisbookandtheindividualcontributionscontainedinitareprotectedundercopyrightbythePublisher (otherthanasmaybenotedherein). Notices Knowledgeandbestpracticeinthisfieldareconstantlychanging.Asnewresearchandexperiencebroaden ourunderstanding,changesinresearchmethodsorprofessionalpractices,maybecomenecessary.Practitionersand researchersmustalwaysrelyontheirownexperienceandknowledgeinevaluatingandusinganyinformationor methodsdescribedherein.Inusingsuchinformationormethodstheyshouldbemindfuloftheirownsafetyandthe safetyofothers,includingpartiesforwhomtheyhaveaprofessionalresponsibility. Tothefullestextentofthelaw,neitherthePublishernortheauthors,contributors,oreditors,assumeanyliability foranyinjuryand/ordamagetopersonsorpropertyasamatterofproductsliability,negligenceorotherwise,orfrom anyuseoroperationofanymethods,products,instructions,orideascontainedinthematerialherein. LibraryofCongressCataloging-in-PublicationData Osmanoglu,Ertem. IdentityandAccessManagement:BusinessPerformanceThroughConnectedIntelligence/ErtemOsmanoglu. pagescm. Includesbibliographicalreferencesandindex. ISBN978-0-12-408140-6(pbk.) 1.Computersecurity.2.Computers(cid:1)Accesscontrol.3.Computernetworks(cid:1)Securitymeasures.4.False personation(cid:1)Prevention.I.Title. QA76.9.A25O782013 005.8(cid:1)dc23 2013036149 BritishLibraryCataloguing-in-PublicationData AcataloguerecordforthisbookisavailablefromtheBritishLibrary ForinformationonallSyngresspublications, visitourwebsiteatstore.elsevier.com/Syngress ISBN:978-0-12-408140-6 PrintedandboundintheUnitedStatesofAmerica 14 15 16 13 12 11 10 9 8 7 6 5 4 3 2 1 Contents FOREWORD................................................................................................xiii PREFACE.....................................................................................................xv INTRODUCTION.......................................................................................xvii ACKNOWLEDGMENTS...........................................................................xxiii AUTHOR AND EDITOR BIOGRAPHIES.................................................xxv Section 1 Business Case and Current State CHAPTER 1 Business Requirementsand Business Case Development.........................................................................3 Introduction.....................................................................................3 AnIAMBusinessCase:WhatIsIt,Exactly?WhyIs ItImportant?....................................................................................4 TypesofBusinessCasesforIAM.................................................5 TheRiskandComplianceBusinessCase................................5 TheOperationalEffectivenessorCostSavings DrivenBusinessCase.................................................................6 TheBusinessEnablementDrivenBusinessCase..................7 AStrategicApproachtoDevelopinganIAMBusinessCase......7 Identify,Analyze,andEngageKeyStakeholders...................8 UnderstandDecision-MakingProcessandRoles.................11 ReexamineIAMScope,Requirements,andDefine ProgramObjectives.................................................................11 DevelopAlternativeIAMSolutions.......................................12 IAMStrategyandVision.........................................................12 AnalyzeAlternativesandSelect“ToBe”State...................13 BaselineCurrentCapabilitiesandCosts..............................13 DevelopRiskMitigationStrategy..........................................15 DetailBusinessCaseJustification:CostsandBenefits.....17 DevelopandDescribeHigh-LevelRoadmap........................17 DocumenttheCompellingBusinessCaseReport...............17 v vi Contents Summary........................................................................................19 AppendixA SampleTableofContentsforRequirements......19 AppendixB SampleRequirementsDocument.........................19 CHAPTER 2 IAM Framework,Key Principlesand Definitions...........47 IAMDefined..................................................................................47 IAMFramework............................................................................49 Governance...............................................................................50 IdentityandCredential...........................................................50 Access.......................................................................................51 AuthoritativeSources..............................................................52 AdministrationandIntelligence............................................54 CHAPTER 3 CurrentState andCapability Maturity............................55 IAMCapabilityMaturityFramework.........................................61 Governance...............................................................................61 IdentityandCredential...........................................................65 Access.......................................................................................77 AuthoritativeSources..............................................................79 AdministrationandIntelligence............................................84 SampleWork-ProductsandArtifacts..........................................88 AppendixA SampleCurrentStateAssessmentReport..........89 AppendixB SampleMaturityAssessment—SummaryView..113 CHAPTER 4 Common Challenges and Key Considerations.............117 Theme1 Governance.................................................................117 Theme2 ProgramDelivery.......................................................121 Theme3 SustainCompliance...................................................121 Theme4 IdentityLifecycle........................................................121 Theme5 ControlAccess...........................................................125 Theme6 Operations..................................................................125 Conclusion...................................................................................134 CHAPTER 5 Case Study: Access Reviews.........................................135 Section 2 Future State and Roadmap CHAPTER 6 Future State Definition....................................................141 Introduction.................................................................................141 StagesofIAMFutureStateDefinition.....................................142 FutureStateVisionandGuidingPrinciples.......................142 FutureStateConceptualDesign..........................................146 FutureStateDetailedDesign...............................................148 Conclusion...................................................................................164 Contents vii CHAPTER 7 IAM Roadmapand Strategy...........................................165 DevelopinganIAMRoadmap....................................................165 KeyComponentsofanIAMRoadmap.....................................166 Conclusion...................................................................................175 CHAPTER 8 Identity and Access Intelligence: ARisk-Based Approach...........................................................................177 ARisk-BasedApproachtoIAM................................................177 PeerGroupandOutlierAnalysis..............................................181 SortingMethod.......................................................................182 RegressionMethods..............................................................183 Request/ApprovalandProvisioning Considerations.......................................................................186 ReviewandCertificationConsiderations...........................186 RoleAnalysis...............................................................................187 ResourceAllocationandAnalysis............................................188 AccountandSystemUsageAnalysis..................................189 RiskandFraudSystemsIntegration........................................190 Conclusion...................................................................................191 CHAPTER 9 Enabling Business ThroughCloud-BasedIAM............193 Introduction.................................................................................193 IAMCloudDeploymentModels................................................194 IAMCloudServiceModels........................................................197 IAMCloudSecurityandRiskManagement............................200 Conclusion...................................................................................202 CHAPTER 10 Case Study: Future State—Finding aWay Outof the Labyrinth........................................................203 Section 3 Implementation CHAPTER 11 ImplementationMethodologyand Approach...............211 ImplementationMethods...........................................................211 PlanandDiagnose.................................................................214 DefineandDesign.................................................................218 DevelopandDeliver..............................................................219 AdoptandSustain.................................................................226 Conclusion...................................................................................227 Chapter11Appendix1—IAMImplementationToolkit.........227 Chapter11Appendix1.1 IAMImplementation—Sample ProjectCharter.......................................................................227 viii Contents Chapter11Appendix1.2 IAMImplementation—Sample ProjectPlan.............................................................................248 Chapter11Appendix1.3 IAMImplementation—Sample ImplementationGuide...........................................................249 Chapter11Appendix1.4 IAMImplementation—Sample RunBook.................................................................................308 Chapter11Appendix1.5 IAMImplementation—Sample CommunicationsGovernance..............................................365 Chapter11Appendix1.6 IAMImplementation—Sample IssueTrackingLog................................................................379 Chapter11Appendix1.7 IAMImplementation—Sample WorkstreamStatusTemplate...............................................383 Chapter11Appendix1.8 IAMImplementation—Sample InterviewTracker..................................................................385 Chapter11Appendix1.9 IAMImplementation—Sample MeetingNotesTemplate......................................................388 CHAPTER 12 Access Request, Approval, andProvisioning...............391 SystemOverviewandKeyComponents..................................393 RequestSystem......................................................................394 WorkflowSystem...................................................................396 ProvisioningSystem..............................................................398 HRSystem...............................................................................400 IAMDataManagement..............................................................401 Conclusion...................................................................................402 CHAPTER 13 Enforcement......................................................................405 Introduction.................................................................................405 Authentication.............................................................................405 Single-FactorAuthentication................................................407 MultifactorAuthentication...................................................408 AuthenticationImplementationApproaches..........................412 Risk-BasedAdaptiveAuthentication..................................413 SSOSystems...........................................................................415 DirectoryServices..................................................................417 CentralizedVersusDecentralizedAuthentication............418 FederatedIAM.......................................................................419 Authorization...............................................................................423 InitialStageApplicationArchitectures...............................423 CentralizedAuthenticationandCoarse-Grained Authorization..........................................................................425 CentralAuthenticationandFine-GrainedAuthorization.429 ChoosinganApplicationAuthorizationArchitecture.......430 LoggingandMonitoring............................................................433 Conclusion...................................................................................434 Contents ix CHAPTER 14 Access Reviewand Certification...................................437 BenefitsandObjectives.............................................................438 AccessReviewandCertificationProcesses............................438 AccessReviewandCertificationScopeandApproach....438 CommunicatingwithStakeholdersandParticipants........453 CollectingandManagingData.............................................453 ExecutingtheAccessReviewandCertificationProcess.455 ExecutingAccessRemediation............................................457 MonitoringandClosingOut.................................................458 Conclusion...................................................................................458 CHAPTER 15 Privileged Access Management.....................................461 UnderstandingPrivilegedAccess.............................................461 KeyBusinessDrivers..................................................................462 MaliciousUseofPrivilegedAccess.....................................463 PrivilegedAccessManagementProgram................................464 TechnicalEnablersforPrivilegedAccessManagement...467 PasswordVaultingSolutions................................................467 PrivilegeEscalation...............................................................468 PrivilegedAccessLife-CycleManagement........................470 EnforcementThroughAuthenticationandDirectory Services...................................................................................471 Conclusion...................................................................................477 CHAPTER 16 Roles andRules................................................................479 ABriefHistoryofAccessControlModels..........................483 RBACKeyConcepts..............................................................488 RulesandEnforcement..............................................................492 TheRBACModelandtheAccessManagement LifeCycle.....................................................................................498 EnterpriseRoles.....................................................................498 FunctionalRoles.....................................................................501 ITRoles...................................................................................502 ApplingtheRBACModel......................................................503 RBACImplementationConsiderations....................................505 RBACApproachandMethodology......................................505 Planning..................................................................................505 RiskRanking...........................................................................510 RoleAnalysis/RoleMining....................................................510 RoleDefinitionReporting......................................................511 OngoingRoleManagement..................................................512

Description:
Identity and Access Management: Business Performance Through Connected Intelligence provides you with a practical, in-depth walkthrough of how to plan, assess, design, and deploy IAM solutions. This book breaks down IAM into manageable components to ease systemwide implementation. The hands-on, end-
ebook img

Identity and Access Management: Business Performance Through Connected Intelligence PDF

649 Pages·2013·165.7 MB·English
by  Ertem Osmanoglu
Download
Upgrade Premium
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Download Identity and Access Management: Business Performance Through Connected Intelligence PDF Free - Full Version

by Ertem Osmanoglu| 2013| 649 pages| 165.7| English

Download Identity and Access Management: Business Performance Through Connected Intelligence by Ertem Osmanoglu in PDF format completely FREE. No registration required, no payment needed. Get instant access to this valuable resource on PDFdrive.to!

Free Download PDF

About Identity and Access Management: Business Performance Through Connected Intelligence

Identity and Access Management: Business Performance Through Connected Intelligence provides you with a practical, in-depth walkthrough of how to plan, assess, design, and deploy IAM solutions. This book breaks down IAM into manageable components to ease systemwide implementation. The hands-on, end-

Detailed Information

Author:Ertem Osmanoglu
Publication Year:2013
Pages:649
Language:English
File Size:165.7
Format:PDF
Price:FREE
Download Free PDF

Safe & Secure Download - No registration required

Why Choose PDFdrive for Your Free Identity and Access Management: Business Performance Through Connected Intelligence Download?

  • 100% Free: No hidden fees or subscriptions required for one book every day.
  • No Registration: Immediate access is available without creating accounts for one book every day.
  • Safe and Secure: Clean downloads without malware or viruses
  • Multiple Formats: PDF, MOBI, Mpub,... optimized for all devices
  • Educational Resource: Supporting knowledge sharing and learning

Free Books Similar to Identity and Access Management: Business Performance Through Connected Intelligence

Frequently Asked Questions

Is it really free to download Identity and Access Management: Business Performance Through Connected Intelligence PDF?

Yes, on https://PDFdrive.to you can download Identity and Access Management: Business Performance Through Connected Intelligence by Ertem Osmanoglu completely free. We don't require any payment, subscription, or registration to access this PDF file. For 3 books every day.

How can I read Identity and Access Management: Business Performance Through Connected Intelligence on my mobile device?

After downloading Identity and Access Management: Business Performance Through Connected Intelligence PDF, you can open it with any PDF reader app on your phone or tablet. We recommend using Adobe Acrobat Reader, Apple Books, or Google Play Books for the best reading experience.

Is this the full version of Identity and Access Management: Business Performance Through Connected Intelligence?

Yes, this is the complete PDF version of Identity and Access Management: Business Performance Through Connected Intelligence by Ertem Osmanoglu. You will be able to read the entire content as in the printed version without missing any pages.

Is it legal to download Identity and Access Management: Business Performance Through Connected Intelligence PDF for free?

https://PDFdrive.to provides links to free educational resources available online. We do not store any files on our servers. Please be aware of copyright laws in your country before downloading.

The materials shared are intended for research, educational, and personal use in accordance with fair use principles.

Upgrade Premium
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.
We use cookies

We use cookies to ensure you get the best browsing experience on our website. By clicking "Accept Cookies", you agree that we can store cookies on your device in accordance with our Terms and Privacy.

DMCA & Copyright: Dear all, most of the website is community built, users are uploading hundred of books everyday, which makes really hard for us to identify copyrighted material, please contact us if you want any material removed.
Copyright @ PDFdrive.to, 2022 | We love our users