Toolkit for Developing an Identity and Access Management (IAM) Program

Published:: Tuesday, May 7, 2013
: Briefs, Case Studies, Papers, Reports

Author(s) and Contributors:: Author(s): Erik Decker Andrea Beesing Matthew Dalton Jacob Farmer Shirley Payne Miguel Soldi Don Volz David Sherry Steve Vieira Vieira

Source(s) and Collection(s):: Sources(s): Community

ParentTopics:: Cybersecurity Identity and Access Management Health Insurance Portability and Accountability Act (HIPAA) Privacy

Abstract

The IAM Program Outline has been created as a roadmap for institutions to use in developing an IAM program (or to address gaps in their current offerings) including:

Providing a structure or guidance for those starting IAM
Identifying a policy framework that institutions may need to consider
Developing a policy template (or set of policy templates) that other campuses can use
Providing guidance or awareness about IAM governance
Identifying existing IAM policies or programs and providing use cases
Otherwise strengthening the business side of the IAM program

Target Audience:

Those responsible for IAM policy development.
Those who have IAM policies in place that need to be updated.
People or functions impacted by regulatory requirements regarding access control (e.g., GLBA, HIPAA).
Institutions developing an IAM program or set of policies for the first time.

The Columbia University IAM Use Case, provided as a companion piece to the IAM Program Outline, was develeoped and written by Erik Decker (Assistant Director of Information Security, Columbia University).

Download Resources

Download PDF
Columbia University Case Study
Download PDF
Toolkit