120 likes | 226 Views
Office of the Chief Technology Officer Citywide IT Security (CWITS). State of Maryland Digital Government Summit. Identity Management June 25, 2004. AGENDA. Security Architecture Principles What is an Identity? n-Factor Authentication Identity Management Convergence
E N D
Office of the Chief Technology Officer Citywide IT Security (CWITS) State of Maryland Digital Government Summit Identity Management June 25, 2004
AGENDA • Security Architecture Principles • What is an Identity? • n-Factor Authentication • Identity Management Convergence • What is Identity Management? • Effective Identity Management Program • Points of Contact • Questions & Answers 1
Authentication Auditing Authorization Availability Confidentiality/ Privacy Non-repudiation Integrity Identification Security Architecture Principals 1
What is an Identity? Identity - Is the fundamental concept of uniquely identifying an object (person, computer, application, service, etc.) as contained within an boundary (department, banking account, etc.). Digital Identity - The ability to assign a computerized identifier with or to a person, computer, component, or service. It is critical to determine the items of information required to collect. Digital Identity Lifecycle – Creation, Maintenance, and Removal/Destruction of Identity Information. 1
Driver License Number Date of Birth Social Security Number Patient Account Number Employee Number Mother’s Name (Maiden) Job Title Identity Information Business Address Purchasing Authority Name Credit Card Home Address HIPAA - Protect Health Information (PHI) very critical data!
N-Factor Authentication Methods(Use of Identity Information) Something that you HAVE (Token, Smart Card). Something that you ARE (Biometrics). Something that you NEED (Joint Signatures). Something that you KNOW (Password, PIN) Someplace where you are located (Computer, SITE). HANKS 1
Identity Challenges • Identity Theft • Disclosure of Identity Information • Multiple Identity Islands • Mismanagement of Identity during Lifecycle 1
Identity Management Convergence Business Requirements Information Technology Success
Identity Management What is Identity Management? Access Management Rights Management Permission Management Directory Services Management Policy Management User/System Account Management Provisioning Management Password Management Certificate Management
Effective Identity Management Program The 4 P’s Policies People/Organization Processes/ Procedures Products/ Technologies 1
CWITS : Contact Information Terrence Lillard, CWITS Associate Director Terrence.Lillard@dc.gov (202) 727-8796 1
Questions Answers 1