• DocumentCode
    2415242
  • Title

    Supporting Compliant and Secure User Handling - A Structured Approach for In-House Identity Management

  • Author

    Fuchs, Ludwig ; Pernul, Günther

  • Author_Institution
    Dept. of Inf. Syst., Regensburg Univ.
  • fYear
    2007
  • fDate
    10-13 April 2007
  • Firstpage
    374
  • Lastpage
    384
  • Abstract
    The catchword "compliance" dominates the actual debate about identity management and information security like few before. Companies need to comply with a variety of internal and external standards and regulations like the US SOX Act. Identity management is seen as a main provider of compliance in modern companies. However, its organisational aspects are underestimated in many projects, lacking a comprehensive approach to introduce in-house identity management. This work is based on the experiences gained from industry projects using identity management functionalities to strengthen security and to reach a high level of compliance. We develop a structured process-oriented methodology for introducing an identity management infrastructure for organisations using drivers from IT security management to evaluate, rank, and implement subprojects. The methodology consists of an iterative process which enables even large and unstructured organisations to reach a suitable and profitable level of identity management by emphasising on organisational aspects rather than taking a merely technical approach.
  • Keywords
    legislation; security of data; IT security management; US SOX Act; compliant user handling; identity management infrastructure; information security; organisational aspects; regulations; secure user handling; standards; Availability; IP networks; ISO standards; Identity management systems; Information management; Information security; Iterative methods; Management information systems; Organizational aspects; Project management
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on
  • Conference_Location
    Vienna
  • Print_ISBN
    0-7695-2775-2
  • Type

    conf

  • DOI
    10.1109/ARES.2007.145
  • Filename
    4159826