Identity and Privilege Management

Identity and Privilege Management

How to avoid an identity crisis in your company

28 March 2007 (14-21)
Location: Sofitel Diegem (Diegem near Brussels (Belgium))
Presented in English
Price: 540 EUR (excl. 21% VAT)

This event is history, please check out the List of Upcoming Seminars, or send us an email

Check out our related in-house workshops:

 Learning Objectives

Why do we organize this seminar ?

"Identity and Privilege Management" can be a true business enabler as well as an effective way to cut costs if it is correctly introduced in an organization. It can also help an organization to get control of whom has access to what (and as such provide critical assurance). Regrettably the market is full of noise with regard to Identity and Access Management and also the major topic / the key success factor being identity & privilege management is not well understood, so please come and join us for this seminar to demystify the subject and give management a clear understanding of the subject.

Many things drive organisations to set up an Identity, Access and Privilege Management (IAM/PRM) environment (and should be reasons to attend):

  • (e)Business and the requirement to open up internal resources and applications to business partners, clients, etc, drive organisations to set up environments that allow them to do so securely. IAM/PRM helps organisations to securely enable (e)business.
  • Regulations like HIPAA, SOX, Basel II and others drive organisations to be able to prove that they have things under control and have taken the required measures. IAM/PRM is one of the cornerstones to achieve this.
  • Many organisations have a huge amount of systems and applications, and in each of them users have an account. The management of all those identities and authorisations (and coinciding costs) is tremendous. A solid IAM/PRM-environment helps to drastically limit costs.
  • Security and especially control (e.g. separation of duties) is becoming increasingly important. The ways in which organisations now manage identities and access rights make it very difficult if not impossible to audit access rights. Modern IAM/PRM-architectures allow you to get a controllable and auditable environment.

Who should attend this seminar ?

The goal of this seminar is to demystify the subject, to help management to understand what is involved, to give insight into the critical success factors to obtain business-enabling, cost-control, assurance, etc.

Therefore this seminar should be attended by:

  • Business managers needing to understand and ask the correct questions
  • B2B/B2C-project-leaders wanting a global picture and understand the issues
  • Auditors / Governance wanting/needing to obtain assurance
  • IT managers and Architects in search of a reality check

 Full Programme

13.30h - 14.00h
Registration, coffee/tea and croissants
14.00h - 14.50h
Identity & Privilege Management, Reality Check & Market Status

Identity and Privilege Management is definitely a "hot topic". But what is Identity and Privilege Management exactly ? Do I need this ? What can it do for me ? During this introductory presentation, we will make an abstraction of the technical details and bring you a management overview. We'll sum up the most important business drivers and explain how these can be applied in your environment.

We will also show that Identity and Privilege Management is not only a technology, but a fundamental aspect of your daily business processes.

  • Business Drivers
    • Business Facilitation
    • Cost Containment
    • Operational Efficiency
    • IT Risk Management
    • Regulatory Compliance
  • Complexity
    • Authentication (eID, Infocard, ...)
    • Multiple digital identities
    • Processes
    • Management models (delegation, federation, ...)
14.50h - 15.40h
Privileges, Profiles, Roles and RBAC

Controlling and managing identities in your organization is not as easy as it may look. But doing the same for the access they have is like adding a completely new dimension to the equation. In the last few years many new concepts and tools have been developed to address this corner of the IDM solution. They mostly focus on solving the issue by introducing an intermediary layer between the users and the resources: roles. Tools and technologies are exactly that what they claim to be: they do what you tell them to do and nothing more. So, how do you tell them which roles you need? How do you make sure they can work with the most up-to-date information ?

This module will show different approaches to these questions, describing their positive and negative aspect. The audience will get a good feel of what is involved in "role mining" and "role modeling" and will know in what general direction to go in search for the right solution and will know how to avoid some common pitfalls.

  • Privilege Management
    • DAC (Discretionary Access Control)
    • RBAC (Role-Based Access Control)
    • RuBAC (Rule-Based Access Control)
    • EDAC (Enterprise Dynamic Access Control)
    • ...
  • Role Mining and Modeling
    • Conceptual model
    • Pragmatic approach
    • Adaptive processes
    • Measuring is knowing and knowing is controlling!
15.40h - 16.00h
Coffee/Tea and Refreshments
16.00h - 16.50h
IDM Fundamentals: Processes

An identity process is a process that performs a control task on identities. An IDM solution is set up to support these processes. Hence, the processes and the process architecture are an ideal starting point for an IDM project.

During this presentation, we show what identity processes exactly are and how you can identify them in your organisation. In the next step, we examine these processes with a maturity model that was specially created for Identity Management.

The results of this analysis provide a good - and more importantly an objective - image of the maturity of our current Identity Management. It also shows where the weaknesses are, and where we will have to invest to get all processes at the same level.

  • The importance of a good overview of:
    • Data
    • Digital identities
    • Entitlements
    • Tasks
    • Processes
  • How to map:
    • Applications
    • Authorisations
    • Identity Model of your Data Architecture
  • How to map:
    • Tasks
    • Processes (TO-BE)
16.50h - 17.40h
IDM ROI: Compliance, Auditing & Control

Recent security incidents at companies and government bodies have triggered more and more regulations. Identity, Access and Privilege Management is also subject to this increased regulation, and auditing plays an increasingly important role. During this presentation, we show you how to realize auditing in your environment, but also how this can bring added value. We will not limit ourselves to the goals of compliance, but we will extend this to process- and architecture improvement.

  • Corporate Governance & Compliance
  • Compliant IDM
    • ISO 17799
  • Auditing (+ managing expectations of auditors)
  • Approaches
    • Post mortem
    • On Incident
    • Preventive
    • Some examples
17.40h - 19.00h
19.00h - 19.50h
IDM Evolutions & Current Technology

The Internet has been a tremendous source for innovation. In the last 15 years we saw the birth of electronic messaging, the World Wide Web, video streaming, ... And without the collaborative nature of this Internet we wouldn't have many of the standards we can use today, including PKI, LDAP and Kerberos. But do you know the work that is being done in the area of Identity Management? One intermediate result is Federation, a conceptual architecture that already found its way into mainstream IDM suites thanks to SAML and Liberty. However, that merely scratches the surface. What about InfoCards, a meta identity system created by Microsoft and endorsed by most parties (including Novell, SUN and IBM). With IE7 and Vista having native support and other platforms and browsers not far behind, this will certainly be a big hit in the near future. This, Infocards, and other new concepts, trends and technologies will be presented in this module "Evolutions".

  • Identity on the Internet
  • Existing (Usable) Work
    • Federation (SAML, Liberty)
    • Identity Silos (best practices)
  • Work in Progress
    • Liberty WS-F
    • Meta Identity System
    • OpenID
  • Applicability in the Enterprise
19.50h - 20.40h
IDM Architecture: The Overall Picture and Critical Success Factors

Identity processes and auditing are only 2 of the many building blocks: what is needed, is a full Identity Management architecture. To complete the picture, we present a reference architecture. We start with an example of a Governance model, add the policies and complete it with the data- and process architecture.

Federation architectures are a thing of the future for most companies, but they are becoming increasingly important, and a serious momentum is building around the opportunities of federation. An Identity Management Architecture is not a one-time nor a static project. It is a continuously evolving project with a typical lifecycle. There are many different ways to tackle such a project, e.g. bottom-up or top-down. We discuss a number of alternatives, as well as their advantages and disadvantages.

  • Reference Architecture
    • Burton Group
  • Evolution
    • Federation
      • User Centric
      • Standards (SAML 1.1, ID-FF, ID-WSF, ID-SIS, Shibboleth, SAML 2.0)
      • Belgian Federal Token
  • Critical Success Factors
    • Process
    • Compliance
20.40h - 21.00h
Final Q & A
End of this seminar


Erik R. van Zuuren (Ascure NV/BV)
Erik R. van Zuuren

ir. Erik R. van Zuuren MBA is Business Unit Manager InfoSec Architectures and Principal InfoSec / RM Consultant and has an extensive experience in Information Security Governance and Risk Management related disciplines, both at strategic and tactical level and has an extensive experience at C-level in the private sector and management- / cabinet-level in the public sector.

ir. Erik R. van Zuuren MBA is active as consultant since over 10 years and since participated in and led a broad range of strategic and tactical projects mostly in Belgium and The Netherlands. Some examples of his experience are:

  • extensive experience in governments (Belgian Federal and Flemish) and related agencies and wide experience in a diverse spectrum of private industry (financial/insurance/industry/energy/...).
  • one of the fathers/authors of the blueprint for the Belgian Personal Identity Card Project (BelPIC) and e.g. program manager for the Flemish government’s identity and access management platform.
  • assistant to several CIO/CTO/CISO’s and coach in several Information- and ICT- Security projects (incl. strategic level, tactical level, architectural angle, organisational/procedural angle, ...)
  • creator of security strategies, policies, frameworks and architectures for medium/large organisations, multinationals and government agencies
  • creator of e-business- and e-government enabling Identity and Access Control Management as well as Public Key Infrastructure blueprints, concepts and architectures
  • co-organiser/chairman/speaker/moderator at several security- and ICT-related events (CSI US, LSEC, esec2001-esec2004, ITworks, ...)

Bavo De Ridder (Ascure NV/BV)
Ascure NV/BV

Bavo De Ridder is a Principal Information Security Consultant and Competence Center manager for Identity & Access Management at Ascure. He is an expert in Identity, Privilege and Access management. He started his professional career at the Catholic University of Leuven where he researched in the field of modeling and architectures. This experience gives Bavo an excellent background for creating Identity enabled enterprise architectures that align with the companies goals at the business process level. Bavo has experience with governments (Federal and Flemish), financial institutions and the private sector. Bavo is the primary architect of the Identity and Privilege management solutions at the Flemish Community. Bavo is also the leading Identity Management expert for the B2E/B2C/B2B-IAM-project which is currently being executed at DeLijn.

He also actively participates in Identity Gang and Identity Commons, a non-profit organisation grouping efforts for creating an Internet Identity layer. This gives Bavo a head start on new technologies, concepts and ideas in the world of Identity management.

Dave Vijzelman (Ascure NV/BV)
Dave Vijzelman

Dave Vijzelman has worked in several large heterogeneous environments and has a large experience in designing and implementing architectural RBAC solutions. His focus is primarily on RBAC strategies and role mining. Besides this, he also has a wide knowledge towards the technical approach regarding identity and access management (IAM) strategies. In his current position as a Senior Information Security Consultant at Ascure, Dave is responsible for the architectural approach of analyzing and designing RBAC strategies for clients. Before this, he was an RBAC Consultant at BHOLD Company.

His variety of experience has been proven in a number of business and industry sectors. In Switzerland, he designed and implemented an RBAC strategic tool for audit and control for a large insurance company in Basel. Also for a banking company in The Netherlands, he successfully implemented a RBAC tool primarily based to audit a Active Directory environment.

Questions about this ? Interested but you can't attend ? Send us an email !