Community Educational Online Seminar Series on IT Security

February 18, 2016, 9-10 AM PDT, 5-6 PM GMT, 6-7 PM CET

While identity & access management (IAM) have been around for years, the bulk of the focus was mostly on identity, authentication and account permission provisioning. Often only basic access policy management and enforcement are implemented (e.g. role-based). Today many newer technology approaches are available to implement richer, more granular, dynamic, contextual access control policies in a manageable and enforceable way. Let’s discuss opportunities and tech. challenges for the “A” in IAM.

Your organization’s “A” in IAM most likely sucks! Today many technology approaches are available to implement better access controls. Let’s discuss!

  • What’s are the shortcomings of today’s access (“A”) control implementations as part of IAM
  • What are the challenges (technical, organizational, etc.) around implementing better A in IAM?
  • What are the opportunities (i.e. why you should do it)? (discuss with audience)

Session flow

  1. Introduction to Identity & Access Management (IAM): What it is, what it isn’t, how it helps, the good/bad/ugly etc.
  2. Zoom-in: The “A” of “IAM”: Why and howaccess control and authorization management need to go beyond what is typically implemented as part of IAM; we will also cover that there is often a misunderstanding (or ignorance/denial) of what can/should be done, and what “best” practice is today.
  3. Available approaches : We cover examples of more advanced access control mechanisms and approaches, and how they are tied into IAM.
  4. How to manage “A” as part of the “IAM” program? A large number if IAM implementations fail because of many factors. We will cover potential pitfalls, and approaches for managing “A” in an “IAM” program
  5. Why this matters now? Today’s policy requirements are often highly complex, e.g. based on contextual dynamic access based on many deciding factors. While identity-related factors play a critical role, they are by no means the only factor involved in today’s access policy requirements.
  6. Reality check and conclusions: Summarize main take-home messages and recommendations, references.

This online seminar is purely educational. We will deep-dive into various technical access control technologies and look at how to implement them as an engineer or security professional. Our goal is to educate about these topics so that hopefully our industry can move forward and provide more effective security. Right now the industry I obviously largely failing…and most security people don’t even realize that they have the access control technical implementation problems they have, and also are not aware of leading-edge access control approaches and tools. So this is definitely going to be educational!

Presenter

Dr Ulrich Lang is a renowned access control expert with over 20 years in InfoSec (startup, large bank, academic, inventor, technical expert witness, conference program committee, proposal evaluator/reviewer etc.). He has produced over 150 publications/presentations and written an InfoSec book. He has a PhD on access control from Cambridge University (2003), a master’s in InfoSec (Royal Holloway). Ulrich is the co-founder, co-inventor and CEO of ObjectSecurity (Gartner “Cool Vendor 2008”), an innovative InfoSec company that focuses on making security policies more manageable. He is on the Board of Directors of the Cloud Security Alliance (Silicon Valley). Ulrich is a frequent conference speaker. Ulrich is an entertaining presenter who is not shy to discuss controversial views.

– this webinar is now full –

Please contact us to get on the list for the next one.