Employee information security awareness training for new IAM systems
Our enterprise recently implemented LDAP in concert with SiteMinder technology. I need to get employees up to speed on the new system as quickly as possible. How do you recommend doing this?
As with any new security initiative, it's important that the user community understand not only how to use the new systems and technologies, but also why they've been implemented. Often, the most cost-effective way to do this is by using a third party specializing in training, specifically information security training, if possible. A good training company will offer several training options, including Web-based and in person. The company should also be able to customize the modules for different user populations and departments in your enterprise, track participation, and be globally positioned if needed.A couple of the possible options available include SafeLight Security Advisors
Inc. or Vigilar
Because implementing a Web access control product like SiteMinder often means fewer privileges, not more, you should also make sure that the helpdesk is aware of this change and there are clearly documented processes for users requesting access to intranet sites. You may be able to create dynamic roles based on LDAP attributes, but you should be prepared for the eventuality of users losing access to an online resource needed for their work. If he or she is aware and well-trained on how the system works, the resource owner should be able to work with the SiteMinder administrators to implement the proper controls in a timely manner.
For more information:
This was first published in January 2009