« Sponsors, Supporters, Speakers Needed for BSides Austin | Main | The Three Domains of Application Security »

RSA 2010: Check Out This IAM 1-Day Tutorial

My friends Erik Heidt and Dan Houser have once again been granted the privilege of presenting their excellent 1-day tutorial on identity management. They have been working to refine this class over the last few years and it looks to be better than ever. Says Erik:

"Identity Management is at the core of a successful Information Security program. In many ways, it is the primary technical control for policy enforcement and oversight. In addition to the important role Identity Management plays in risk management and oversight, many of your business partners think of Identity Management “as” Information Security. The question of "how do I get access to X" is a question near and dear to the heart of your business partners. Many of the security controls we all work with day to day are largely invisible to business partners, but password problems, access request delays, and audit findings are very visible to them."

You can get more information about this session (TUT-M21 "Foundations for Success: Enterprise Identity Management Architecture" - see description below) at:


Foundations for Success: Enterprise Identity Management Architecture

Date & Time:
Monday March 1st
9:00am – 5:00pm

Dan Houser, Identity Architect, Cardinal Health
Erik T. Heidt Information Security Architect, Assistant Vice President Fortune 500 Financial

Identity and Access Management is the foundation for access controls in the Enterprise, a mission-critical IT function that is both the lifeblood of your business, and a frustrating and difficult beast to tame. Your IdM infrastructure is more complicated, with more moving parts, and more partners across the enterprise, than any other security related service.

This interactive session, taught by experienced IdM veterans and practitioners, provides an architectural view to resolving identity challenges, and will provide detailed and informative discussions on directory services, web access management, Single Sign-on, federated identity, authorization, provisioning and more. The morning session will provide an overview of the foundations of IdM, while the afternoon will provide a customized, detailed and interactive session to focus on the specific identity disciplines they find most challenging.

This workshop will cover:
* Principles of Identity and Access Management and implementation strategies
* Infrastructure architecture -- critical underlying processes to run a successful enterprise
* Web-based authentication & Web Access Management
* Selling Identity strategy in the C-suite
* Directory Services – Enterprise, meta-directories and virtual directories
* Provisioning - managing the processes of Identity and Access Management
* Identity mapping and roll-up
* Detailed Single Sign-on strategies: Getting off Identity islands
* Detailed Federated Identity discussion and case studies
* Gritty Reality of Federation SSO: Lessons learned from 14 major federation projects
* Multi-factor authentication: biometrics, tokens & more
* Functional IDs - real world considerations of this often forgotten access control
* User Access Audit: Proving only authorized users have access
* Auditing the identity systems

Key Learning Objectives:
Participants should have a basic background in Information Security, IT systems, and identity management. After the class, participants should feel well grounded in identity management, understand the broad landscape from both a technical as well as a business perspective, and have gained practical insight into the strategies which will enable them to meet identity challenges in their organization.


TrackBack URL for this entry:

Post a comment


This page contains a single entry from the blog posted on January 6, 2010 8:46 PM.

The previous post in this blog was Sponsors, Supporters, Speakers Needed for BSides Austin.

The next post in this blog is The Three Domains of Application Security.

Many more can be found on the main index page or by looking through the archives.

Creative Commons License
This weblog is licensed under a Creative Commons License.