130 likes | 398 Views
Security Insights: Identity Theft & Management . The Identity Theft Problem. What is Identity Theft? Dumpster diving Low tech Phishing/Pharming Targets individual users (albeit in mass) Theft of PII data from companies Accounts for 70% of Identity Theft
E N D
The Identity Theft Problem • What is Identity Theft? • Dumpster diving • Low tech • Phishing/Pharming • Targets individual users (albeit in mass) • Theft of PII data from companies • Accounts for 70% of Identity Theft • 60% of Identity Thieves do not work alone • We are engaging in business practices which make things worse • Outsourcing millions of jobs to other countries • Increasingly mobile more business conducted electronically
What can you do? • If you are a consumer • Evaluate IE7, XP SP2, Defender, MSN Anti-Phishing Filter • If you are a organization • Get your Identity and Access Management House in order • More on that shortly…
The Unifying Identity Metasystem • At the RSA Conference 2006 Bill Gates outlined Microsoft’s vision for the Unifying Identity Metasystem • Built upon industry agreed Rules of Identity • Allows for user centric control of identity information • Standards based on WS-* protocols • Allows for federated use of Identities from various sources: • Personal, Credit Card, Citizen, Professional • Industry co-operation is making this happen
Identity and Access Capabilities Information Protection Process Automation Access Control Auditing Single Sign-on Directory Service Federated Identity Strong Credentials Windows Server Identity and Access Services Metadirectory Services Rights Mgmt Services Certificate Services Domain and Directory Services Security Token Service* Federation Services Unified Architecture, Policy Model, and Management Infrastructure for Identity & Access
Notes MIIS Oracle Microsoft Identity Integration Services Strategy • Get to critical mass of provisioning features • Fully integrated workflow and audit • Make MIIS the engine of identity and access management and compliance • Workflow, audit to model compliance controls • Build on Metadirectory technical strength in convergence and enforcement • Integrate these capabilities with our broader connected systems platform Sun One SQL
Change User • Promotions • Transfers • Entitlement Changes Reporting • Compliance • Audit • Security New User • User ID Creation • Credential Issuance • Entitlements Identity Lifecycle Self-Service • Password Kiosk • New Entitlements Retire User • Delete Accounts • Remove Entitlements Help Desk • “Lost” Credentials • Password Reset • New Entitlements
Rights Management Services Metadirectory Services Federation Services Directory Services Domain Services Active Directory Certificate Services Connected • Integrated • Refined • Unified
Get Your Identity and Access Management House in Order • Talk to us on the stand • Vista IE7, Defender, Anti-Phishing demos • Read the Microsoft Identity and Access Management Series • http://www.microsoft.com/technet/security • Download MIIS 2003 Eval.: www.microsoft.com/miis
More Security Insights – Coming Up • 11:15 Secure Messaging • 11:45 Identity Theft • 12:15 How Microsoft Secures IT • 12:45 User Security • 13:15 Secure Messaging • 13:45 Spyware • 14:15 Identity Theft • 14:45 How Microsoft Secures IT • 15:15 User Security • 15:45 Spyware
www.microsoft.com/uk/security www.microsoft.com/uk/technet © 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only.MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
Identity & Access Platform User Experience Logon & credentials Self-service Developer Experience Directory APIs Access APIs Integration APIs IT Pro Experience Management Delegated admin Identity and Access Platform Integration Services Process automation Process control Directory Services Distributed publication Access Services Authentication Authorization Audit Credential Management Connectors Integration with non-Windows integrated applications and systems
What is Identity? • A set of claims that characterize a person or thing in the digital world. • A Claim is a statement made about someone/something by someone/something. • Claims are packaged in Security Tokens.