1 / 23

Identity and Access Management

Identity and Access Management. The Risk Environment. Enterprise Risk Management.

oriana
Download Presentation

Identity and Access Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Identity and Access Management The Risk Environment

  2. Enterprise Risk Management The University is assessing risk in several categories, including strategic, financial, compliance-related and operational. "Our goal is to create a risk-aware culture, permitting the University to identify and make plans to avoid material impact on finances and operations, while encouraging the acceptance of manageable risks. Effective risk management is a proactive endeavor that helps to ensure that the University has an approach to risk that is well-defined, consistently applied and continually improved." Penn State Live 11/15/07

  3. Risk in IAM • External Forces • Limited control on our part • Penalties are imposed by others • PCI DSS, HIPAA, FERPA, DOD rules, etc. • Internal Behaviors • Theoretically controllable • Service or application development • Paradigm shift to integrate risk awareness

  4. Everything has some risk

  5. Manage Risk

  6. Be Really Careful

  7. IAM Protects the Door

  8. What’s on the other side?

  9. Knock, Knock Who’s there? Dude, it’s the Police!

  10. The Police

  11. Who’s home?

  12. Home Alone?

  13. A well defensed location?

  14. Credentials are good

  15. Credentials, fake and real State College Passport Retinal Scan Bill’s New Job

  16. Data owner questions • What information exists? • How must it be protected? • Who can see it? • Can the identity be trusted? • How confident must the data owner be? • How can exposure be limited?

  17. Security as part of risk management • Physical access • Electronic access • System vulnerabilities • Application vulnerabilities • Hardware vulnerabilities

  18. Risk Tolerance

  19. Risk Mitigation Risk mitigation line Primary line

  20. What kind of risk for you? • Server Room • Physical access? • Electronic access? • Forensic source of evidence? • Identity management?

  21. Relative Risk • Health Insurance Portability and Accountability Act (HIPAA) • Family Educational Rights and Privacy Act (FERPA) • Payment Card Industry Data Security Standard (PCI DSS) Risk of Harm Open Access Poor Service Enhanced Service

  22. Enterprise Risk Management The University is assessing risk in several categories, including strategic, financial, compliance-related and operational. "Our goal is to create a risk-aware culture, permitting the University to identify and make plans to avoid material impact on finances and operations, while encouraging the acceptance of manageable risks. Effective risk management is a proactive endeavor that helps to ensure that the University has an approach to risk that is well-defined, consistently applied and continually improved." Penn State Live 11/15/07

More Related