Category: Identity Management

  • Industry and local laws and regulations

    Industry and local laws and regulations

    Introduction Protection of data, both commercial and public, is a grave concern for governmental bodies. Even after implementing several methods and layers of protections, corporations fail to ensure maximum security for all the data that they hold, both private and public third-party data. This is where the government IT department must take charge and impose…

  • Security Policy Framework

    Security Policy Framework

    Introduction We often talk about multi-layered security or the installation of MFA (multi-factor authentication) in our enterprise systems. However, do we know what joins the dots in the process of cybersecurity and Security Policy Framework? The Security Policy Framework. As the name states, it is a set of tasks or frameworks at the core of…

  • Identity Lifecycle Management (ILM)

    Identity Lifecycle Management (ILM)

    Introduction Identity Lifecycle Management(ILM) consists of various tools, policies, and software that are used to control different user accounts in an enterprise. However, the main role of all services under ILM is to control and allocate access to particular resources and controls. An ILM framework is not a physical setup. However, it ensures safety and…

  • Segregation of Duties, Auditing, and Reporting

    Segregation of Duties, Auditing, and Reporting

    Introduction The phrase, “with great power and authority comes great responsibility,” introduces the concept of segregation of duties (or SOD). For organizations and corporations, data has huge value. More than gold, a minor leak of confidential information could potentially devastate data security, begin controversies, and cripple the firm’s brand image and sales. Thinking that security…

  • Access validation and Certification

    Access validation and Certification

    Introduction Access to certain systems, network resources and data cannot be confirmed if the user request for access is not validated/certified. The process is mainly implemented in corporate firms to safeguard and comply with security risk management policies against fraud or alienated employees who may cause a major data breach. The access certification process is…

  • Access Controls and RBAC

    Access Controls and RBAC

    Introduction Access must be used as a tool or power to derive authority or privilege in an enterprise. If access to all enterprise resources is distributed equally amongst everyone, maintaining cybersecurity to protect confidential information and data would be impossible. Everyone in the company would have access to everything equally. Thus, tracing the root cause…

  • User termination and Role changes

    User termination and Role changes

    Introduction User termination and role changing is a regular task for the IT employees at an organization. The addition or promotion of employees would require the creation of accounts and user authentication. Similarly, the administration must make sure it deletes or removes accounts when they are not used anymore when the employee/associate is no longer…

  • Notifiable Data Breaches

    Notifiable Data Breaches

    Introduction A data breach is when a sensitive or confidential piece of information/data is illegally accessed by a third party or leaks without the owner’s permission. A data breach can very well occur if enterprises fail to deploy adequate protective measures and cybersecurity. It leads to a further string of problems in regards to protecting…

  • User Onboarding

    User Onboarding

    Introduction Utility and value engross customers or users to continue using the same product/service(e.g., application). User onboarding plays an important part in striking interest amongst the consumer group. User onboarding is a concept that could mean different things at different times. This forms a cloud of confusion around this term because, to some employees, onboarding…

  • Privileged Account Monitoring (PAM)

    Privileged Account Monitoring (PAM)

    Introduction First and foremost, why do privileged accounts need to be monitored at all times? A simple answer to this question is the protection of data. The ‘privilege’ in privilege accounts refers to greater authority and access to a pool of data that is not available to all users under normal circumstances. Greater access makes…