Posts Tagged ‘information security’

Best practices for identity management projects by Hitachi

This post recommends a new white paper by Hitachi: “Best Practices for Identity Management Projects”.

The paper presents some best practices on project management topics that are useful when deploying and operating an identity management infrastructure.


Identity synchronization: which is the best conflicts resolving model?

In every identity management solution there is one identity management system and one or more managed systems, also known as target or resource systems.

Identity synchronization is the task of synchronizing identity data across a wide range of heterogeneous applications, directories, databases, and other data stores that are connected to the identity management system, in order to capitalize on its provisioning capabilities and, inherently, on all the benefits that the identity management system brings.

So, we can say that the main duty of identity synchronization is to keep identity data stored across different systems synchronized and aligned.


On adaptive identity management

There are many identity management products and solutions on the market that provide functionality such as provisioning, SSO, authorization, authentication, auditing, data consolidation, and so on. This is where identity management solution providers have been concentrating most of their efforts in recent years.

As explained by Joe Pato et al. in “On Adaptive Identity Management: The Next Generation of Identity Management Technologies”, this landscape must change.


Demystifying identity management

Googling around on the web looking for some white papers on identity and access management architectures and guidelines, I found this interesting video provided by TechTarget in their “How to build an identity and access management architecture” series.

In this talk, Richard Mackey explores the essentials of identity and access management, from the definition of digital identity to the most common identity and access management architectural issues.
This video explores different aspects of identity within organizations and covers topics such as access management fundamentals, centralized and decentralized identity management models, and best practices for integrating commercial products.

To be honest, it’s a basic introduction to this complex world but, despite that, it’s very well organized and presented, and offers some challenging food for thought and tips on some interesting web resources to refer to.

Information security in azienda

Author: Costabile Gerardo
Publisher: Experta
Publication date: 2008
Series: Azienda e professioni
ISBN: 8860211409
ISBN-13: 9788860211408
Pages: XVII-320

After a brief presentation of the Information Security Governance function, the book illustrates the main guidelines to follow when drafting and updating information security policies, standards and procedures, as well as those needed to verify their correct application and to identify the related countermeasures.
The book then covers, in order, the following topics:
- Risk analysis and information
- Corporate information security policies
- Security and management of corporate databases
- Classification and protection of classified corporate information
- Identity management
- Information destruction
- Data backup
- Mobile access to corporate services
- Video surveillance in the company
- Security and biometrics in the company
- Viruses and antivirus in the company
- Physical and logical security of IT systems in server rooms
- Security of the corporate telecommunications network
- Rules for the correct use of corporate information resources by employees, and defensive controls
- Internet and e-mail in the company
- Monitoring of corporate policies: case study on shared folders and corporate antivirus systems
- Some security standards and certifications: BS 7799, ISO 27001 and PCI/DSS.

Personally, I found this book a good starting point for approaching the topic of information security from a new perspective. Particularly useful are the chapter on Internet and e-mail, with its in-depth look at the relationship between workers’ privacy and the company’s needs, and the final part of the book, which lists all the regulations, standards and best practices to refer to in the field of information security and privacy.