best practices for assessments - healthcare security … · · 2017-05-102017-05-09 · of...
Post on 31-Mar-2018
Proprietary & Confidential. Copyright IDMWORKS 2017.
Best Practices for Assessments
SanFrancisco.HealthPrivacyForum.com #HITprivacy
MAY 11–12, 2017
SAN FRANCISCO, CA
Assessing your Identity & Access Management Maturity
ABOUT IDMWORKS
We are a group of problem solvers that deliver technological solutions for business through leadership and development, with over 600 successful engagements with clients across multiple sectors.
Vision Mission Finish
“Our team has always enjoyed a great working relationship with IDMWORKS over various projects spanning multiple years. Our experiences have always been professional and have resulted in excellent service delivery and highly effective outcomes.” –F. Como, Excellus Blue Cross Blue Shield
Operational since 2004
135+ Employees
D&B rating of 95%
Offices across the US and India
IDMWORKS Consulting:
IAM Consulting (Advisory & Implementations)
Hosted & Managed Services (MSP and Support Services)
IDMWORKS IdentityForge:
Mobile/Custom Development
Manufacturer of Mainframe connectors (i.e. Cerner), EPIC web service connector, and dozens more
Non-Employee Identity Suite (NEIS) (i.e. traveling nurses, affiliates, students, temps, contractors, etc.)
IDMWORKS Data Center (“DCMWORKS”):
Data Center Migrations, MSP
FACTS
Our Customers Come From Every Area Of Healthcare
Once an organization achieves an “Optimized” status, it must Rinse & Repeat the process.
This will allow the re-alignment of priorities and strategy as the IAM vision adapts with the business.
Level 1: Initial
Level 2: Developing
Level 3: Defined
Level 4: Managed
Level 5: Optimized
Governance is ad hoc and informal
Tools put in place on a piecemeal basis
An IAM vision is defined
An IAM architecture is defined
Tactical priorities set based on certain business drivers
Technology redundancy is likely
An IAM governance structure is defined
The IAM PMO is established
Multiyear projects are aligned with vision and strategy
IAM performance targets are actualized
Performance is continuously monitored
Transformational value
Discrete technology projects
Business value is tactical
Responsibilities are poorly defined
Key stakeholders are actively involved in the IAM program
IAM architecture aligned with EA
The IAM program is dynamic and adaptive to changes in business conditions
Rinse & Repeat (aka Plan, Build, Run)
The Identity & Access Management (IAM) Maturity Model
IAM provides a practical, structured and coherent approach to the management of users' identities and their access to systems and data.
What Should We Assess?
IAM ensures the right people get access to the right resources at the right times for the right reasons
Why Should We Assess?
The IAM Assessment
IAM Technologies Grouped by Primary Functional Capability
What Should We Assess (expanded)?
Best Practices For Assessments, Blueprints & Roadmaps: When To Refresh Your Identity Management Roadmap
A Future State Blueprint defines what the organization believes can reasonably be accomplished incrementally within a phased long-term roadmap to successfully address the over-arching pursuit of the organization’s Security Services vision.
The Blueprint endorses the Roadmap implementation of several core Identity & Access management component technologies to build a solid Identity & Access Management Services Framework to support more efficient, more secure and more effective delivery of Security services in the future.
Identity & Access Mgt. Component
Then Now
Roadmap? Change?
Automated Provisioning
Automated Identity Data Synchronization
Granular User Admin/Authentication and Authorization Mgmt
Password Management
Role Management
SSO & Federation
Privileged Identity Mgmt
Identity Analytics
How do we maintain our IAM Maturity?
• Strategy
• Responsibility
• Architecture
• Plan & Budget CP
ID Infrastructure design
Processes
Controls
• Identity and entitlements processes
• Technology selection & implementation
• Communications
Govern
Steering Committee
Executive Support
Delegation of Authority
Risk Assessment
Plan Build
Run
And now that we have refreshed….