Access control management strategy essentials

BROWSE BY TAG Identity Management and Access Control,   Web Authentication and Access Control,   Enterprise Identity and Access Management,   Expert Archive: Identity Management and Access Control,   Information Security Management,   Business Management: Security Support and Executive Communications,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Identity Management and Access Control Is Identity Management as a Service (IDaaS) a good idea? How to log in to multiple servers with federated single sign-on (SSO) How to confirm the receipt of an email with security protocols Learn about enterprise strategy for server virtualization single sign-on Employee information security awareness training for new IAM systems Can you combine RFID tag technology with GPS to track stolen goods? Is there a free enterprise-caliber password-management tool? Cryptosystem attacks that do not involve obtaining the decryption key Can any firm or organization get a digital signature certificate? Should the CTO have domain administrator access? Web Authentication and Access Control Group to shed light on secure identity management threats How to confirm the receipt of an email with security protocols Schneier-Ranum Face-Off: Is Perfect Access Control Possible? Kaminsky reveals key flaws in X.509 SSL certificates at Black Hat Changing times for identity management How to use single sign-on for Web access control to prevent malware IBM USB banking device stops keyloggers, malware Can mutual authentication beat phishing or man-in-the-middle attacks? Could someone place a rootkit on an internal network through a router? Sun launches open source OpenSSO for identity management Expert Archive: Identity Management and Access Control Enterprise password management policy: Finding the balance How to conduct a periodic user access review for account privileges Options for a mechanical door security system on a server room door Comparing access control mechanisms and identity management techniques User provisioning and SSO for PeopleSoft- and Unix-based products Could someone place a rootkit on an internal network through a router? Should a new user have to confirm an email address to gain access? Can home PCs provide a way for viruses and spyware to enter a corporate LAN? What should an enterprise look for in a password token and a vendor? Using batch files for temporary user access to the local admin group

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary access log  (SearchSecurity.com) anonymous Web surfing  (SearchSecurity.com) authentication, authorization, and accounting  (SearchSecurity.com) identity chaos  (SearchSecurity.com) knowledge-based authentication  (SearchSecurity.com) multifactor authentication (MFA)  (SearchSecurity.com) walled garden  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

Without knowing details about your organization and its needs, it's tough to answer your question specifically. But, generally speaking, there are some common components that any access management control strategy should have. They include:

A thorough analysis of your user base. How many users do you have? How are they segmented? Are they segmented by department or function? And, finally, what are their access needs?

An analysis of your technical infrastructure. Are you a Windows shop running .NET or a Unix shop running Java? This will make a difference in the selection of an access management system. Both management and the non-technical executives will be more interested in something that's compatible with your current IT plumbing rather than something that needs to be fitted to another platform.

An identity and access management control strategy that is functional and cost-effective. Executive management isn't interested in fancy technology, or how cool it is. They're interested in cold hard cash and want to make sure that your security implementations won't trash the bottom line in next year's budget.

Besides compatibility with your existing systems, a cost analysis of the proposed strategy needs to be done. These days, everybody's favorite phrase is "return on investment," or ROI. Access management plans, like most information security projects, do not generate direct revenue, making it difficult to measure the success of a given security program.

Finally, a good way to please your executives is to produce figures that show how the system might save the company money. For example, if you can document the potential decrease of help desk calls under a new access management system, you could demonstrate a hard dollar figure for cost savings. The most frequent calls to help desks are for password resets, and that's a number that can be quantified based on the cost of your help desk employees and the time they take to handle password issues.

More information: