Title :
Supporting Compliant and Secure User Handling - A Structured Approach for In-House Identity Management
Author :
Fuchs, Ludwig ; Pernul, Günther
Author_Institution :
Dept. of Inf. Syst., Regensburg Univ.
Abstract :
The catchword "compliance" dominates the actual debate about identity management and information security like few before. Companies need to comply with a variety of internal and external standards and regulations like the US SOX Act. Identity management is seen as a main provider of compliance in modern companies. However, its organisational aspects are underestimated in many projects, lacking a comprehensive approach to introduce in-house identity management. This work is based on the experiences gained from industry projects using identity management functionalities to strengthen security and to reach a high level of compliance. We develop a structured process-oriented methodology for introducing an identity management infrastructure for organisations using drivers from IT security management to evaluate, rank, and implement subprojects. The methodology consists of an iterative process which enables even large and unstructured organisations to reach a suitable and profitable level of identity management by emphasising on organisational aspects rather than taking a merely technical approach
Keywords :
legislation; security of data; IT security management; US SOX Act; compliant user handling; identity management infrastructure; information security; organisational aspects; regulations; secure user handling; standards; Availability; IP networks; ISO standards; Identity management systems; Information management; Information security; Iterative methods; Management information systems; Organizational aspects; Project management;
Conference_Titel :
Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on
Conference_Location :
Vienna
Print_ISBN :
0-7695-2775-2
DOI :
10.1109/ARES.2007.145