
INsecurity Conference 2018 Schedule Builder

View, browse and sort the list of sessions by pass type, track, and format. Sessions do fill up and seating is first come, first served, so arrive early to sessions that you would like to attend. Check back soon as we add more sessions.

Securing IdAM

Harry Perper (Chief Engineer, MITRE)

Date: Thursday, October 25

Time: 1:30pm - 2:30pm

Session Type: Track Session

Track: Operations and Practices

Vault Recording: TBD

Audience Level: Advanced

Managing user access in organizations requires frequent changes to user identity and role information and to user access profiles for systems and data. Employees using the various identity and access management (IdAM) systems may lack methods to coordinate access across the corporation effectively and to ensure that IdAM changes are executed consistently throughout the enterprise. This inconsistency is inefficient and can result in security risks. The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) addresses the challenge of providing a more secure and efficient way to manage access to data and systems.

This session will describe the reference design and an example implementation for this problem that utilized commercially available products. The approach delivers an Access Rights Management (ARM) system that coordinates changes throughout the organization, thereby reducing the risk of unauthorized access caused by malicious actors or human error. Based on risk analysis, this design is intended to help companies gain efficiencies in ARM, while saving money and time during the research and proof-of-concept phases of a project.

This session will present an architecture for implementing ARM that improves the control of user access information using automation. It also quickly identifies unapproved changes such as privilege escalations by including multiple methods of monitoring the user access information repositories (directories).