An Identity-focused Approach to Compliance

Mark Worwetz                      Volker Scheuber
Senior Engineering Manager  ...

Come to this session to learn how Novell Compliance Management Platform addresses risk management, access management, and continuous controls testing and monitoring using an identity management based approach. See how Novell Identity Manager and Novell Sentinel provide an end-to-end solution for preventative and detective controls. We'll show you how the Role Mapping Administrator can manage roles-based access to authorizations in enterprise applications. We'll also show how Identity Tracking can not only report on user activity across enterprise applications, but also blend multi-source technical events with business-relevant data to provide identity-based dashboards and reports.

An Identity-focused Approach to Compliance

  1. An Identity-focused Approach to Compliance
     Mark Worwetz, Senior Engineering Manager, Novell Inc. / mworwetz@novell.com
     Volker Scheuber, Senior Engineering Manager, Novell Inc. / vscheuber@novell.com
  2. Novell® Compliance Management Platform
     • Integrated Identity and Security Management Platform
       – Software Components
         > Identity Vault
         > Novell® Identity Manager with Roles Based Provisioning Module
         > Novell® Sentinel™
         > Novell® Access Manager™
       – Tools
         > Designer for Novell Identity Manager
         > Analyzer for Novell Identity Manager
       – Solution Content
         > Integrated Provisioning and Access Control Policies and Workflows
         > Identity Tracking
         > Identity and Security Monitoring and Reporting
     © Novell, Inc. All rights reserved.
  3. Novell® Compliance Management Platform (cont.)
     • CMP 1.x Value Proposition
       – To which systems do people have access?
         > Identity Tracking
       – How did people get access to systems?
         > Automated provisioning events
         > Workflow provisioning events
       – What are people doing with their access?
         > Identity-based Reporting
  4. Diagram: System Assets, Accounts, and Authorizations; Role Provisioning; Monitoring and Reporting
  5. Identity Browser – Accounts
  6. Identity Browser – Recent Activity
  7. Per-Identity Provisioning Report
  8. Per-Identity Account Management
  9. Role Mapping Administrator
  10. Where Are We Going From Here?
  11. The Path to Compliance: A Risk Management and Controls Lifecycle
  12. IT Compliance Lifecycle (diagram labels)
      • Define business objectives, policies and Key Performance Indicators (KPIs) to help meet objectives
      • Evaluate processes and business objectives to identify and qualify risks
      • Monitor and detect risk
      • Real time risk response
      • Analyze risk versus thresholds
      • Allow business to determine best long-term response
  13. What's Next?
      Diagram: System Assets, Accounts, and Authorizations; Role Provisioning; Monitoring and Reporting
  14. What Is My IT Risk?
      Diagram: System Assets, Accounts, and Authorizations; Role Provisioning; IT Risk = ???; Monitoring and Reporting
  15. IT Risk Calculation Enablers
      • Asset Valuation Criteria Workflow
        – $$$ High Value
        – $$ Medium Value
        – $ Low Value
      • Identify and Assign Asset Owners Workflow
        – John Smith – System Owner, GroupWise®
        – Abby Spencer – System Owner, Financials Database
        – Chip Nano – System Owner, Golf Tournament Database
  16. IT Risk Calculation Enablers (cont.)
      • Asset Valuation Workflows
        – GroupWise® =
        – Financials =
        – Golf Tournament Database =
      • Authorizations Threat Assessment Workflows
        – High Threat
        – Medium Threat
        – Low Threat
  17. IT Risk Calculation Enablers (cont.)
      • Identify Unmanaged/Privileged Accounts Workflows
        – SAP*, DDIC
        – Administrator
        – Root
      • Customized Risk Analysis
        – Allows partners and customers to add additional criteria for calculating IT risk
          > Threat Communities and Capabilities
          > Locale-Specific Threats
          > Industry-Specific Threats
          > Compliance Regulation Concerns
  18. System and Authorization Assessment
      Diagram: System Assets, Accounts, and Authorizations; Role Provisioning; Monitoring and Reporting
  19. IT Risk Calculation and Monitoring Tools
      • Threat-Enabled Role Mapping Administrator
        – Bubble up system authorization threat level to business roles
        – Approval workflows for role mappings
      • Risk Analysis Tools
        – Monitor authorization entitlement grants
        – Monitor activities of User communities
        – Risk-related Reports and Dashboards
  20. Role Mapping Administrator + Risk
  21. Risk Overview Dashboard
  22. Risk Calculation Enabled
      Diagram: System Assets, Accounts, and Authorizations; Role Provisioning; IT Risk =; Monitoring and Reporting
  23. How Can I Mitigate these Risks?
      Diagram: System Assets, Accounts, and Authorizations; Role Provisioning; IT Risk =; Monitoring and Reporting
  24. IT Risk Control Tools
      • Threat-Enabled Role-based Provisioning Module
        – Allow Business Owners to recognize and mitigate risk in provisioning activities
      • Impact Reports and Dashboards
        – Did Risk turn into Damage? What was the cost?
        – Risk Heat Maps
        – Should Controls be added, modified, removed?
      • Controls Content
        – Packaged policy, monitoring, and reporting content to apply controls to areas of risk
  25. Provisioning Controls Enabled
      Diagram: Multiple Approvals based on Role Level; System Asset Values and Authorization Threats Valued by Asset Owner; Automated Approvals based on Role Level; IT Risk =; Monitoring and Reporting
  26. Identity Risk Dashboard
  27. Unpublished Work of Novell, Inc. All Rights Reserved.
      This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

      General Disclaimer
      This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

      All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.
