Identity Management and Security Management

Security staff want to keep the bad guys out, and identity management (IdM) staff want to let the good guys in. This session will explore this generalization and how to bridge issues in technology, policy, process, and reporting structures relating to security and IdM to achieve shared institutional goals.

On behalf of several higher education associations, the American Council on Education submitted comments on the Family Educational Rights and Privacy Act

Comments of the EDUCAUSE/Internet2 Computer and Network Security Task Force on the Family Educational Rights and Privacy Act; Proposed Rule, Federal Register, Vol. 73, No. 57, U.S. Department of Education, Office of Planning, Evaluation and Policy Development

Auditing is an important and necessary step for establishing trust among relying parities when running a CA, PKI, and IdM system. This session will discuss what implementers should have ready when establishing their PKI, what auditors will expect from implementers, and what auditors will provide to implementers. It will also offer some illustrative real-world scenarios. You'll hear from an auditor from a Big Four firm and the CIO of a PKI shop who worked with auditors.

EDUCAUSE presents the top-ten IT-related issues in terms of strategic importance to the institution, as revealed by the ninth annual EDUCAUSE Current Issues Survey. This year, Security moves back to the top of the list.

Security and ERP Systems are numbers 1 and 2; Infrastructure rises; Change Management, E-Learning, and Staffing move into top ten.

Enterprise authorization requires the management of group, role, and privilege information to ensure consistent access policy across applications. This session will compare and contrast how multiple institutions have implemented this infrastructure and offer an initial view into shared practices for access management.

An identity management system often becomes a critical source of information for electronic services. Demands for data can result in tension between those who collect and safeguard the data and those who leverage it. This presentation will discuss the role that data governance plays at USC to both serve and protect.

With demands for identity and access management (IAM) paralleling the explosive growth in online interactions, it is imperative that existing business systems, infrastructure, planning, and technologies evolve to keep pace with the access needs of the future. Recognizing the importance of developing a comprehensive, forward-looking strategy to deal with this issue, the IAM initiative was formed by Kevin Morooney, vice provost for information technology, in April 2007. The group comprises 27 individuals who span many administrative areas at the university. The group is co-chaired by Renee Shuey, Information Technology Services (ITS) and Joel Weidner, Auxiliary and Business Services.

The group's primary charge was to create an IAM road map (or strategy) for Penn State. A secondary goal was to establish a community of people and organizations from across the university who understand each other's pressures, needs, and desires for developing an IAM infrastructure that will support and enhance academic, research, business, and collaborative processes.

Security staff want to keep the bad guys out and IAM folks want to let the good guys in. A hair is being split, to be sure, but it exposes a number of issues rooted in organizational politics and reporting structures. This panel session will explore how a number of institutions have encouraged their security and IAM staff to work together to achieve shared institutional goals.