This event is history, please check out the List of Upcoming Seminars, or send us an email
Check out our related in-house workshops:
Why do we organize this seminar ?
"Identity and Privilege Management" can be a true business enabler as well as an effective way to cut costs if it is correctly introduced in an organization. It can also help an organization to get control of whom has access to what (and as such provide critical assurance). Regrettably the market is full of noise with regard to Identity and Access Management and also the major topic / the key success factor being identity & privilege management is not well understood, so please come and join us for this seminar to demystify the subject and give management a clear understanding of the subject.
Many things drive organisations to set up an Identity, Access and Privilege Management (IAM/PRM) environment (and should be reasons to attend):
Who should attend this seminar ?
The goal of this seminar is to demystify the subject, to help management to understand what is involved, to give insight into the critical success factors to obtain business-enabling, cost-control, assurance, etc.
Therefore this seminar should be attended by:
Identity and Privilege Management is definitely a "hot topic". But what is Identity and Privilege Management exactly ? Do I need this ? What can it do for me ? During this introductory presentation, we will make an abstraction of the technical details and bring you a management overview. We'll sum up the most important business drivers and explain how these can be applied in your environment.
We will also show that Identity and Privilege Management is not only a technology, but a fundamental aspect of your daily business processes.
Controlling and managing identities in your organization is not as easy as it may look. But doing the same for the access they have is like adding a completely new dimension to the equation. In the last few years many new concepts and tools have been developed to address this corner of the IDM solution. They mostly focus on solving the issue by introducing an intermediary layer between the users and the resources: roles. Tools and technologies are exactly that what they claim to be: they do what you tell them to do and nothing more. So, how do you tell them which roles you need? How do you make sure they can work with the most up-to-date information ?
This module will show different approaches to these questions, describing their positive and negative aspect. The audience will get a good feel of what is involved in "role mining" and "role modeling" and will know in what general direction to go in search for the right solution and will know how to avoid some common pitfalls.
An identity process is a process that performs a control task on identities. An IDM solution is set up to support these processes. Hence, the processes and the process architecture are an ideal starting point for an IDM project.
During this presentation, we show what identity processes exactly are and how you can identify them in your organisation. In the next step, we examine these processes with a maturity model that was specially created for Identity Management.
The results of this analysis provide a good - and more importantly an objective - image of the maturity of our current Identity Management. It also shows where the weaknesses are, and where we will have to invest to get all processes at the same level.
Recent security incidents at companies and government bodies have triggered more and more regulations. Identity, Access and Privilege Management is also subject to this increased regulation, and auditing plays an increasingly important role. During this presentation, we show you how to realize auditing in your environment, but also how this can bring added value. We will not limit ourselves to the goals of compliance, but we will extend this to process- and architecture improvement.
The Internet has been a tremendous source for innovation. In the last 15 years we saw the birth of electronic messaging, the World Wide Web, video streaming, ... And without the collaborative nature of this Internet we wouldn't have many of the standards we can use today, including PKI, LDAP and Kerberos. But do you know the work that is being done in the area of Identity Management? One intermediate result is Federation, a conceptual architecture that already found its way into mainstream IDM suites thanks to SAML and Liberty. However, that merely scratches the surface. What about InfoCards, a meta identity system created by Microsoft and endorsed by most parties (including Novell, SUN and IBM). With IE7 and Vista having native support and other platforms and browsers not far behind, this will certainly be a big hit in the near future. This, Infocards, and other new concepts, trends and technologies will be presented in this module "Evolutions".
Identity processes and auditing are only 2 of the many building blocks: what is needed, is a full Identity Management architecture. To complete the picture, we present a reference architecture. We start with an example of a Governance model, add the policies and complete it with the data- and process architecture.
Federation architectures are a thing of the future for most companies, but they are becoming increasingly important, and a serious momentum is building around the opportunities of federation. An Identity Management Architecture is not a one-time nor a static project. It is a continuously evolving project with a typical lifecycle. There are many different ways to tackle such a project, e.g. bottom-up or top-down. We discuss a number of alternatives, as well as their advantages and disadvantages.
ir. Erik R. van Zuuren MBA is Business Unit Manager InfoSec Architectures and Principal InfoSec / RM Consultant and has an extensive experience in Information Security Governance and Risk Management related disciplines, both at strategic and tactical level and has an extensive experience at C-level in the private sector and management- / cabinet-level in the public sector.
ir. Erik R. van Zuuren MBA is active as consultant since over 10 years and since participated in and led a broad range of strategic and tactical projects mostly in Belgium and The Netherlands. Some examples of his experience are:
Bavo De Ridder is a Principal Information Security Consultant and Competence Center manager for Identity & Access Management at Ascure. He is an expert in Identity, Privilege and Access management. He started his professional career at the Catholic University of Leuven where he researched in the field of modeling and architectures. This experience gives Bavo an excellent background for creating Identity enabled enterprise architectures that align with the companies goals at the business process level. Bavo has experience with governments (Federal and Flemish), financial institutions and the private sector. Bavo is the primary architect of the Identity and Privilege management solutions at the Flemish Community. Bavo is also the leading Identity Management expert for the B2E/B2C/B2B-IAM-project which is currently being executed at DeLijn.
He also actively participates in Identity Gang and Identity Commons, a non-profit organisation grouping efforts for creating an Internet Identity layer. This gives Bavo a head start on new technologies, concepts and ideas in the world of Identity management.
Dave Vijzelman has worked in several large heterogeneous environments and has a large experience in designing and implementing architectural RBAC solutions. His focus is primarily on RBAC strategies and role mining. Besides this, he also has a wide knowledge towards the technical approach regarding identity and access management (IAM) strategies. In his current position as a Senior Information Security Consultant at Ascure, Dave is responsible for the architectural approach of analyzing and designing RBAC strategies for clients. Before this, he was an RBAC Consultant at BHOLD Company.
His variety of experience has been proven in a number of business and industry sectors. In Switzerland, he designed and implemented an RBAC strategic tool for audit and control for a large insurance company in Basel. Also for a banking company in The Netherlands, he successfully implemented a RBAC tool primarily based to audit a Active Directory environment.
Questions about this ? Interested but you can't attend ? Send us an email !