MichelC
Newcomer I

IAM Concept

Hi,

 

We are currently looking for information about IAM.

What does ISC2 say about the IAM concept, and what is relevant (main points to integrate, ...)?

 

Thanks

Regards

Michel

 

5 Replies
CraginS
Defender I


@MichelC wrote:

Hi,

We are currently looking for information about IAM.

What does ISC2 say about the IAM concept, and what is relevant (main points to integrate, ...)?

...


Michael,

The community will be able to give you much better feedback if you clarify what you mean by "IAM Concept," and also describe the research you have done so far on the topic. More specific questions that you would like answered would also help.

Are you referring to Identity & Access Management, NSA's Infosec Assessment Methodology courses and certification, or something else?

 

Craig

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkedIn Profile
My Community Posts
MichelC
Newcomer I

Hi Craig

Thanks for your answer.
Yes, I am referring to Identity & Access Management

In CISSP, we can find the following chapter:
- Control physical and logical access to assets
- Manage identification and authentication of people, devices, and services
- Federated identity with a third-party service
- Implement and manage authorization mechanisms
- Manage the identity and access provisioning lifecycle
- Implement authentication systems

I've also found this information:

Identity and Access Management (IAM) is the set of business processes, information and technology for managing and using digital identities. IAM includes the people, processes, and technology required to provide secure and auditable access to systems and applications. The operational improvements and benefits delivered by IAM will help advance each of these core business drivers:

- Business Improvement
- Risk Mitigation
- Core IAM service areas for CISSP: Identity Administration, Access Certification, RBAC, Access Management, Password Management, Privileged User Management, Identity and Access Management Governance
- IAM Organizational Functions
- Provisioning

Do you see other points that belong in an IAM concept?

Thanks in advance
Regards
Michel
CraginS
Defender I


@MichelC wrote:
...
Do you see other points that belong in an IAM concept?
..

Michael,

There are subtleties in your syntax that make me think English is not your first language. I say this because IAM is not really a concept; rather, it is simply a category or grouping of related concerns in managing access control. That said, good job that you are studying and actively thinking about the field. You will find a more common acronym for the area is IDAM, IDentity and Access Management, to distinguish from other meanings of IAM. Related, in any conversation it is wise to explain every acronym in full on first use.

 

Now, are you simply looking for more subtopics to make sure you study sufficiently? Or are you interested in diving into the topic more deeply for your own career?

As for a high view of IDAM, think about how do you know who an entity (human, computer, or company) is, and how can you verify that identity? How do you decide who can access what information? How can you protect the access and be sure only the right entities get to the information?

All that leads to a variety of topics, including encryption, Public Keys, multi-factor identification, access control lists, and more.

 

Keep diving in and asking more refined questions as they occur to you.

 

Craig

 

 

MichelC
Newcomer I

Hi Craig

Thanks for your answer and sorry for my poor English.

I am in the process of developing an IdAM/IAM concept for the company I work for and I thought I could find here the main sub-topics I need to address.

Regards

Michel

CraginS
Defender I


@MichelC wrote:

Hi Craig

Thanks for your answer and sorry for my poor English.

I am in the process of developing an IdAM/IAM concept for the company I work for and I thought I could find here the main sub-topics I need to address.

Regards

Michel


Michael,

Please, never apologize for your use of a second language; you owe no one an apology for being more capable than they are. I, like so many Americans, get by with only English, because we can. I envy those who grew up in cultures where a learning started in the formative years and are now multi-lingual.

As for your task at work, we now have a better idea of your challenge. Reading your original post, I thought you were studying for an exam. Now our community can suggest some questions to ask and suggest areas of concern. I'll start.

 

Suggestion: have your physical security specialists work hand in hand with your information system teams to address physical spaces needing access control in addition to information systems needing access control. Think in terms of an integrated process for identifying and verifying humans for facility access and system access. Depending on the scope, you may or may not find it reasonable cost for a single ID system technology, but in any event you will need an integrated record system for the people on the list.

Have you listed the categories of entities that need to have verified identities? Remember to include corporations and computer systems, not just humans.

Have you classified your information types and collections so you can adequately control access without over-taxing systems and people?

 

There is more to consider, but I suggest you begin your list and look for more input here.

 

Good luck!

 

Craig

 

 

 

 
