Hack-proofing ID and Access Management
Managing user privileges is among the most basic practices in any security strategy. Establishing a process also paves the way for other tactics, like provisioning and bridging the gap between IT and HR, that can keep internal and external threats at bay.
Security consultant Tom Walsh, Founder and Managing director of tw-Security shared tips and best practices for mastering identity and access management.
4 steps to geting started
The process of identity and access management consists of four steps, according to Tom Walsh, founder and managing partner of tw-Security.
The first is user identification. The next step, authentication, is where a user is asked to prove an ID that is authenticated with a password, token or biometrics.
Once the user is identified and proven, the next step is what Walsh called authorization or permission. Here, the system dictates what the user is permitted to see within the application or network.
And the last step is accountability, where the person is responsible for their actions, Walsh explained. In certain instances, a user must be able to give a reason why they are accessing certain information.
That is just the beginning. To really lockdown user identity and access management, Walsh also recommends a few more tactics ……