Toolkit for Developing an Identity and Access Management (IAM) Program

Published:
Briefs, Case Studies, Papers, Reports
Author(s) and Contributors:
Author(s): Erik Decker Andrea Beesing Matthew Dalton Jacob Farmer Shirley Payne Miguel Soldi Don Volz David Sherry Steve Vieira Vieira
Source(s) and Collection(s):
Sources(s): Community
ParentTopics:
Cybersecurity Identity and Access Management Health Insurance Portability and Accountability Act (HIPAA) Privacy

Abstract

The IAM Program Outline has been created as a roadmap for institutions to use in developing an IAM program (or to address gaps in their current offerings) including:

  • Providing a structure or guidance for those starting IAM
  • Identifying a policy framework that institutions may need to consider
  • Developing a policy template (or set of policy templates) that other campuses can use
  • Providing guidance or awareness about IAM governance
  • Identifying existing IAM policies or programs and providing use cases
  • Otherwise strengthening the business side of the IAM program

 

Target Audience: 

  • Those responsible for IAM policy development.
  • Those who have IAM policies in place that need to be updated.
  • People or functions impacted by regulatory requirements regarding access control (e.g., GLBA, HIPAA).
  • Institutions developing an IAM program or set of policies for the first time.

 

The Columbia University IAM Use Case, provided as a companion piece to the IAM Program Outline, was develeoped and written by Erik Decker (Assistant Director of Information Security, Columbia University).

Download Resources