Identity & Access Management

Get in control: IT Governance, people, permission and technical challenges.

More Info
expand_more

Abstract

Identity and Access Management (IAM) is about managing “Who has permission to do what on which data and why?” at technical and process level. This is a very complex problem for organizations, because of heterogeneous technology and complex processes. Together with the continuous change in organizations, managing “Who has permission to do what on which data and why?” is a real challenge. (For example: change of working processes, change of people, change of jobs, change of information systems or change of the organization when merging with other organizations.) Current insights, based on practical experience, reflect that IAM is 20% about technology and 80% about processes and IT Governance. In general IT governance literature and frameworks, IAM is only a small topic. IAM specific literature is often only about technology, of course with a few exceptions. One may conclude a gap exists between IAM technology and IT governance literature/frameworks. In short, this research will try to: “Close the gap between IAM technology and general security or IT governance frameworks.” This knowledge will enable organizations to establish IAM more efficiently, without having to go through every known pitfall. The research is performed in 7 chronological steps: 1. Using the results of the literature study on COBIT as guidance in practical applications. (Chapter 2.) 2. Setting the research environment and boundary by a general introduction to the term Identity and Access Management as it will be used in this research. (Chapter 3.) 3. Developing insight in why organizations want to implement an IAM process and how IAM will be used to their benefit. (Chapter 4.) 4. Creating a generic IAM process model based on the literature study, former chapters and practical experience. (Chapter 5.) 5. Business Case: an assignment to implement an IAM process in a large organization. The process model is used as a starting point for this assignment. (Chapter 6 to 12.) 6. Compare theory to practical experiences gained in the business case. (Chapter 13.) 7. Ideas for further research (Chapter 14.)