Identity and Entitlement Management

Identity and Entitlement Management

Towards Effective Identity Management, Services and Controls

23 October 2008 (14-21)
Location: Pullman Diegem (Diegem)
Presented in English
Price: 590 EUR (excl. 21% VAT)

This event is history, please check out the List of Upcoming Seminars, or send us an email

Check out our related in-house workshops:

 Learning Objectives

Why do we organize this seminar ?

Identity & Access Management (IAM) has become a very unclear topic in the market these days. Many organizations, many stakeholders, and many suppliers & vendors understand very different things under the term IAM, so it is no wonder that 2 out of 3 IAM-projects fail. This seminar wants to give you a clear overview and understanding of this complex, but for most organizations quite essential solution to security, compliancy and risk management.

This seminar intends to:

  • Give you a clear picture of what identity (and access) management can mean for you and what the different components of such an environment are.
  • Make you understand which technical advantages and optimizations it can deliver, but also which business cases can justify the necessary (and often significant) budgets.
  • Show you how IAM can be used to support your business in the context of B2E, B2C, B2B, G2C, G2G, G2B, ...
  • Help you understand how to position identity management as a service within your enterprise architecture and how ERP, CRM and other systems can be integrated with it
  • Explain you how IAM can help you to get into control and improve compliance with SOX, Basel II, AEO and others
  • Give you an overall view on the actual situation with regards to Governance, Risk and Compliance (GRC).

The newest trend in IAM is called "entitlement management", which goes one step beyond authentication, leading to finer-grained access control. While authentication is about who is allowed on your network or in your application, entitlement management is about who is allowed to do what. Traditionally, such entitlements have been built into each of the applications your enterprise has. The new strategy is to remove access management from the applications, and to run it as a centralised shared service. Entitlement management can be used to strengthen the security of Web services, Web applications, legacy applications, documents and files, and physical security systems. This will lead to tighter, more granular security that is more specific to your set of users and their roles, easier to enforce and change policies, as well as better auditability and compliance.

Who should attend this seminar ?

This seminar wil help you to find your way in the IAM-jungle, to understand the issues to reckon with, and to bring your project/program towards a success. Therefore this seminar should be attended by:

  • Business managers needing to understand and ask the correct questions
  • B2B/B2C-project-leaders wanting a global picture and understand the issues
  • Auditors / Governance wanting/needing to obtain assurance
  • IT managers and Architects in search of a reality check

 Full Programme

13.30h - 14.00h
Registration, coffee/tea and croissants
14.00h - 14.45h
Identity management: global picture & (market) status

Identity Management solutions have been around for some time. A lot of fairy tales are being told, but:

  • What is the real market status of IAM today ?
  • What can you expect from current solutions ?
  • What is possible within a reasonable budget ?
  • What are the approaches taken on by current and successful IAM-projects ? Here we will treat business drivers like:
    • Business Facilitation,
    • Cost Containment,
    • Operational Efficiency,
    • IT Risk Management, and
    • Regulatory Compliance.
  • What are the different components of an IAM-architecture ?

14.45h - 15.30h
Understanding Identities, Roles, Profiles, ...

To build a good Identity Management environment, you need a solid understanding of its fundamentals: identities and entitlements. Here we will explain you:

  • What are e-identities ?
  • What are roles and group memberships ?
  • What are entitlements and profiles ?
  • What is the importance of delegations and mandates ?
  • What is DAC (Discretionary Access Control), RBAC (Role-Based Access Control), RuBAC (Rule-Based Access Control), EDAC (Enterprise Dynamic Access Control), ... ?

15.30h - 16.15h
Governance & Processes

No environment will survive as it does not have a governance model. It should be clear that next to e.g. ITIL-practice some specific IAM-issues need to be considered. It is important to have a clear view of roles & responsibilities and to draft the needed (exception) processes.

16.15h - 16.45h
Coffee/Tea and Refreshments
16.45h - 17.30h
Compliance & Control

Every organization has to be in control and be compliant with its own (security) policy. In most organizations this has become an important topic due to regulations like Basel II, SOX, AEO, etc. But even in generally applicable law there are drivers for IAM to be compliant with. One clear example is the privacy legislation. Also we will make the link here between IAM and GRC (Governance, Risk and Compliance).

17.30h - 18.15h
Reference Architecture

When you build an IAM-environment, how will you know it will pass the ever changing requirements of business ? The only way to survive is to have a clear IAM-architecture which answers to your requirements in short term and within available budgets but at the same time which are built for growth. To be able to do that, it is necessary to look at the reference architectures around, to look at the abilities of vendors, to look at the role of ERP- and CRM-packages and to look at upcoming new insights like e.g. federation.

18.15h - 19.30h
19.30h - 20.15h
Emerging Technologies, such as Federation and Service-Oriented Architectures

Federation, Liberty, SAML, ADFS (Active Directory Federation Services), WS-Federation, CardSpace, OpenID, etc. Goal of this chapter is to have a look at these increasingly emerging technologies and to look at how these could impact or influence your IAM-strategy.

20.15h - 21.00h
IAM-Approaches and Reference Projects

Knowing that 2 out of 3 IAM-projects fail, what are the projects and approaches which seem to gain sufficient budget within organizations ? Here we will run through some cases which were more IT-oriented, some which were more business-oriented, others which were more compliance-oriented.

End of this seminar


Erik van Zuuren

ir. Erik R. van Zuuren MBA is Senior Manager at Deloitte Enterprise Risk Services and has an extensive experience in Information Security Governance and Risk Management related disciplines, both at strategic and tactical level and has an extensive experience at C-level in the private sector and management- / cabinet-level in the public sector.

ir. Erik R. van Zuuren MBA is active as consultant since over 10 years and since participated in and led a broad range of strategic and tactical projects mostly in Belgium and The Netherlands. Some examples of his experience are:

  • extensive experience in governments (Belgian Federal and Flemish) and related agencies and wide experience in a diverse spectrum of private industry (financial/insurance/industry/energy/...).
  • one of the fathers/authors of the blueprint for the Belgian Personal Identity Card Project (BelPIC) and e.g. program manager for the Flemish government’s identity and access management platform.
  • assistant to several CIO/CTO/CISO’s and coach in several Information- and ICT- Security projects (incl. strategic level, tactical level, architectural angle, organisational/procedural angle, ...)
  • creator of security strategies, policies, frameworks and architectures for medium/large organisations, multinationals and government agencies
  • creator of e-business- and e-government enabling Identity and Access Control Management as well as Public Key Infrastructure blueprints, concepts and architectures
  • co-organiser/chairman/speaker/moderator at several security- and ICT-related events (CSI US, L-SEC, esec2001-esec2004, I.T. Works, ...)

Deloitte Enterprise Risk Services

Wouter Janssen (CISSP CISA CISM CFE) is a security specialist working as senior manager for Deloitte Enterprise Risk Services in Belgium. Working in the consultancy and audit field for many years, he has been able to combine his technical skills and security knowledge with business insight and experience to assist customers in finding tailored solutions for security challenges.

He has over 10 years of professional experience in the areas of IT security, ERP security, identity & access management, data privacy, internal control, compliance, audit and IT governance. He has been involved in and managed various large-scale IT security projects and advised multinationals in various industries across Europe.

Jan Vanhaecht

Jan Vanhaecht is a leading IAM-architect at Deloitte Enterprise Risk Services and has an extensive practical experience in Identity, Access and Privilege management projects. During the past years, he had a leading role with an integrator in Identity, Access and Privilege management, where he build a team of experienced Identity, Access and Privilege Management engineers delivering multiple successful IAM Projects.

Before joining Deloitte, Jan Vanhaecht regularly worked as consultant with most major IDM deployments, and is widely recognized for his knowledge and experience. In this role he was and still is in close contact with the product develepment teams. Amongst the projects Jan delivered, are advanced deployments of IAM projects:

  • Enterprise wide Rule Based Access Control system, controlling access to applications of an 30 000+ employee environment. This project linked an Identity Management (provisioning) and Web Access Control system.
  • Enterprise wide Policy Administration Point, allowing business users to centrally define access control policies for custom build webapplications. This system now enables this Telco to more easily comply with applicable regulations.

Questions about this ? Interested but you can't attend ? Send us an email !