This event is history, please check out the List of Upcoming Seminars, or send us an email
Check out our related in-house workshops:
Why do we organize this seminar ?
Identity & Access Management (IAM) has become a very unclear topic in the market these days. Many organizations, many stakeholders, and many suppliers & vendors understand very different things under the term IAM, so it is no wonder that 2 out of 3 IAM-projects fail. This seminar wants to give you a clear overview and understanding of this complex, but for most organizations quite essential solution to security, compliancy and risk management.
This seminar intends to:
The newest trend in IAM is called "entitlement management", which goes one step beyond authentication, leading to finer-grained access control. While authentication is about who is allowed on your network or in your application, entitlement management is about who is allowed to do what. Traditionally, such entitlements have been built into each of the applications your enterprise has. The new strategy is to remove access management from the applications, and to run it as a centralised shared service. Entitlement management can be used to strengthen the security of Web services, Web applications, legacy applications, documents and files, and physical security systems. This will lead to tighter, more granular security that is more specific to your set of users and their roles, easier to enforce and change policies, as well as better auditability and compliance.
Who should attend this seminar ?
This seminar wil help you to find your way in the IAM-jungle, to understand the issues to reckon with, and to bring your project/program towards a success. Therefore this seminar should be attended by:
Identity Management solutions have been around for some time. A lot of fairy tales are being told, but:
To build a good Identity Management environment, you need a solid understanding of its fundamentals: identities and entitlements. Here we will explain you:
No environment will survive as it does not have a governance model. It should be clear that next to e.g. ITIL-practice some specific IAM-issues need to be considered. It is important to have a clear view of roles & responsibilities and to draft the needed (exception) processes.
Every organization has to be in control and be compliant with its own (security) policy. In most organizations this has become an important topic due to regulations like Basel II, SOX, AEO, etc. But even in generally applicable law there are drivers for IAM to be compliant with. One clear example is the privacy legislation. Also we will make the link here between IAM and GRC (Governance, Risk and Compliance).
When you build an IAM-environment, how will you know it will pass the ever changing requirements of business ? The only way to survive is to have a clear IAM-architecture which answers to your requirements in short term and within available budgets but at the same time which are built for growth. To be able to do that, it is necessary to look at the reference architectures around, to look at the abilities of vendors, to look at the role of ERP- and CRM-packages and to look at upcoming new insights like e.g. federation.
Federation, Liberty, SAML, ADFS (Active Directory Federation Services), WS-Federation, CardSpace, OpenID, etc. Goal of this chapter is to have a look at these increasingly emerging technologies and to look at how these could impact or influence your IAM-strategy.
Knowing that 2 out of 3 IAM-projects fail, what are the projects and approaches which seem to gain sufficient budget within organizations ? Here we will run through some cases which were more IT-oriented, some which were more business-oriented, others which were more compliance-oriented.
ir. Erik R. van Zuuren MBA is Senior Manager at Deloitte Enterprise Risk Services and has an extensive experience in Information Security Governance and Risk Management related disciplines, both at strategic and tactical level and has an extensive experience at C-level in the private sector and management- / cabinet-level in the public sector.
ir. Erik R. van Zuuren MBA is active as consultant since over 10 years and since participated in and led a broad range of strategic and tactical projects mostly in Belgium and The Netherlands. Some examples of his experience are:
Wouter Janssen (CISSP CISA CISM CFE) is a security specialist working as senior manager for Deloitte Enterprise Risk Services in Belgium. Working in the consultancy and audit field for many years, he has been able to combine his technical skills and security knowledge with business insight and experience to assist customers in finding tailored solutions for security challenges.
He has over 10 years of professional experience in the areas of IT security, ERP security, identity & access management, data privacy, internal control, compliance, audit and IT governance. He has been involved in and managed various large-scale IT security projects and advised multinationals in various industries across Europe.
Jan Vanhaecht is a leading IAM-architect at Deloitte Enterprise Risk Services and has an extensive practical experience in Identity, Access and Privilege management projects. During the past years, he had a leading role with an integrator in Identity, Access and Privilege management, where he build a team of experienced Identity, Access and Privilege Management engineers delivering multiple successful IAM Projects.
Before joining Deloitte, Jan Vanhaecht regularly worked as consultant with most major IDM deployments, and is widely recognized for his knowledge and experience. In this role he was and still is in close contact with the product develepment teams. Amongst the projects Jan delivered, are advanced deployments of IAM projects:
Questions about this ? Interested but you can't attend ? Send us an email !