Posts Tagged ‘security architecture’

It’s been 13 years since I last authored a book, so to avoid any comparisons to J. D. Salinger, known for his virtual disappearance from the publishing scene after releasing his most famous work (people often get us confused), I dipped a toe in the book business again in at least a small way …

If you’ve ever tried studying for the CISSP (Certified Information Systems Security Professional) exam, often referred to as the “gold standard” of professional certs for the IT security industry, you’ve probably run across the Information Security Management Handbook. Now in its 6th edition, this collection of essays covering the 10 domains of what is referred to as the CBK (Common Body of Knowledge) is updated annually with new chapters on issues relevant to practitioners.

This year’s update (Volume 7) includes 27 new chapters, including my $0.02’s worth (maybe less) on Identity and Access Management (a.k.a. IAM) architecture. I adapted this from a presentation that the publisher saw me give at InfoSec World 2012 and hope you find it useful.

It’s an honor to have my words alongside those from some of the true leaders of the industry, many of whom are probably now scanning the table of contents and wondering how I slipped in.  🙂



Actually the conference is in Scottsdale but Glen Campbell probably wouldn’t think that has quite the same ring to it, hence the poetic license.

Anyway, I’ll be presenting on the topic of “Creating an End-to-End Identity Management Architecture” at the IT Audit & Controls Conference on Oct 31, 2012. You can click on the graphic below to view logistics and detailed agenda. Hope to see you there…

I’ll be presenting at InfoSec World 2012 in Orlando, which runs April 2-4. My talk will be on the first day at 1:30 on the subject of “Creating an End-to-End Identity Management Architecture” and will cover the following:

• A holistic view of the various components that comprise an enterprise-wide identity and access management infrastructure
• The appropriate role of directories, metadirectories and virtual directories – what they reasonably can and cannot do
• The elements of an automated account provisioning/de-provisioning system
• How role management can help you get a better handle on identities
• Lessons learned and best practices of identity management

I’ve attended and presented at this conference numerous times over the past decade and found it always to be one of the best of its kind. If you can make it down to Orlando, please stop by and say “hi.”