Considerations in Role Design
- At May 17, 2012
- By Sohaib Faruqi
- In Bottom-Up / Role Design / Top-Down
In today's connected business world, people with different responsibilities perform a variety of tasks that together lead to a desired outcome. That level of complexity creates problems for anyone managing access to the systems involved. Roles, each a collection of permissions that can be assigned to users, are the usual means of managing it.
The design of roles is fast becoming a subject of interest in both the academic and corporate world, for obvious reasons. Every organization ends up performing its own exercise, because each has different functional needs and structures. The exercise is usually approached either bottom-up (mining existing entitlements into roles) or top-down (deriving roles from business functions). It must be understood that role design is not a one-off activity; it is a process that keeps evolving as corporate restructuring or business demands change what people need to do.
In both cases, the roles can be structured in multi-level hierarchies to represent business and technical capabilities. The number of levels depends on the complexity of the existing systems and the number of functions that need to be assigned; the bigger the business, the greater the number of roles and levels.
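The multi-level hierarchy described above is easier to reason about with a concrete model. The following is an added example, not code from the original post: a small Python model of a role hierarchy in which business roles inherit from technical roles, with a resolver that walks every level to compute the effective permissions a role grants, a cycle check (a cyclic hierarchy is a design error), and a separation-of-duties check that shows how stacking levels can quietly combine permissions that should never meet. All role names, permissions and the hierarchy itself are hypothetical.

```python
"""Resolve effective permissions in a multi-level role hierarchy.

Constructed example: the roles, permissions and inheritance below are
hypothetical and do not describe any real organisation or product.
"""
from collections import deque

# Hypothetical hierarchy. Each entry lists the roles a role directly
# inherits from; technical roles (ad_*, hr_db_*) sit at the bottom,
# business roles (helpdesk, hr_*) are layered on top of them.
ROLE_PARENTS = {
    "ad_read":     [],
    "ad_write":    ["ad_read"],
    "hr_db_read":  [],
    "hr_db_write": ["hr_db_read"],
    "helpdesk":    ["ad_read"],
    "hr_analyst":  ["hr_db_read"],
    "hr_admin":    ["hr_db_write", "ad_write"],
    "hr_manager":  ["hr_analyst", "helpdesk"],
    "hr_director": ["hr_manager", "hr_admin"],
}

# Permissions granted *directly* by each role (hypothetical names).
ROLE_PERMISSIONS = {
    "ad_read":     {"ad:user:read"},
    "ad_write":    {"ad:user:create", "ad:user:modify"},
    "hr_db_read":  {"hr:record:read"},
    "hr_db_write": {"hr:record:update"},
    "helpdesk":    {"ad:password:reset"},
    "hr_analyst":  {"hr:report:run"},
    "hr_admin":    set(),
    "hr_manager":  {"hr:record:approve"},
    "hr_director": set(),
}

# Pairs of permissions that a single person should not hold together.
SOD_CONFLICTS = [("hr:record:update", "hr:record:approve")]


def effective_permissions(role, parents=ROLE_PARENTS, perms=ROLE_PERMISSIONS):
    """Union of the permissions a role grants through every level it inherits from.

    Breadth-first walk over the inheritance graph; the `seen` set makes the
    walk terminate even if the hierarchy accidentally contains a cycle.
    """
    if role not in parents:
        raise KeyError(f"unknown role: {role}")
    seen, result, queue = set(), set(), deque([role])
    while queue:
        current = queue.popleft()
        if current in seen:
            continue
        seen.add(current)
        result |= perms.get(current, set())
        queue.extend(parents.get(current, []))
    return result


def has_cycle(parents=ROLE_PARENTS):
    """True if any role (transitively) inherits from itself; depth-first colouring."""
    WHITE, GREY, BLACK = 0, 1, 2
    colour = {r: WHITE for r in parents}

    def visit(role):
        colour[role] = GREY
        for parent in parents[role]:
            if parent not in parents:
                continue  # dangling reference; not a cycle
            if colour[parent] == GREY or (colour[parent] == WHITE and visit(parent)):
                return True
        colour[role] = BLACK
        return False

    return any(colour[r] == WHITE and visit(r) for r in parents)


def sod_violations(parents=ROLE_PARENTS, perms=ROLE_PERMISSIONS, conflicts=SOD_CONFLICTS):
    """Roles whose *effective* permissions contain both halves of a conflicting pair.

    Returns a sorted list of (role, perm_a, perm_b). Because the check runs on
    resolved permissions, it catches conflicts introduced purely by inheritance.
    """
    found = []
    for role in sorted(parents):
        effective = effective_permissions(role, parents, perms)
        for a, b in conflicts:
            if a in effective and b in effective:
                found.append((role, a, b))
    return found


if __name__ == "__main__":
    assert not has_cycle()
    for role in ("hr_manager", "hr_admin", "hr_director"):
        print(role, sorted(effective_permissions(role)))
    print("SoD violations:", sod_violations())
```

Neither hr_manager nor hr_admin violates the update/approve rule on its own; hr_director, which merely inherits both, does. That is the kind of result a hierarchy review should produce before roles go into production, and it is why the check runs on resolved permissions rather than on what each role grants directly.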
Developing Useful Information Security Policies
Going through the process of developing a set of policies for your workplace becomes a must at some point in your organization's growth. Many companies operate for years without taking the time to develop a standard set of information security policies. We have started to see an uptick in the number of organizations budgeting time for policy development, testing, and implementation as a result of the various regulatory requirements the business may be subject to. I want to take a moment of your time to cover some areas I recommend you think about as you go through the process of putting together the necessary policies for your organization.
Tivoli Directory Integrator – On Multiple Entries
Tivoli Directory Integrator (TDI) is a pretty neat tool that comes packaged with IBM Tivoli Identity Manager (ITIM). TDI comes out of the box with a multitude of connectors that are used to, as the name says, connect to different sources. One of the most common business processes TDI is used for is to extract data from one source, transform it, and load it into a different data source (ETL). For example, it is common to use TDI to extract Human Resources data and, using a DSML connector, send the data over to the ITIM application for processing.
One of the main considerations when extracting data from different sources is the data itself. Data values, relationships and attributes do not always exist as advertised.
For example: the process pulls the employee information from SAP and then does a lookup in Active Directory using the employee number. Active Directory is only supposed to have one entry for each employee. "Supposed to" is the key phrase. In some cases, there are multiple AD accounts for one employee.
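The multiple-entry case above is where a naive feed goes wrong: a lookup that assumes one result will either take the first entry it happens to get back or fail outright. The following is an added example, not code from the original post and not TDI's own connector or scripting API: a plain Python sketch of the HR-to-AD reconciliation step that treats zero, one and many matches as three distinct outcomes, disambiguates duplicates only when exactly one account is enabled, and otherwise routes the employee to a human rather than guessing. The HR records and AD entries are constructed; the `userAccountControl` disable bit (0x2) is the real AD flag.

```python
"""Reconcile an HR feed against Active Directory without assuming unique matches.

Constructed example: HR_RECORDS and AD_ENTRIES are made up, and this is plain
Python, not TDI's connector or AssemblyLine scripting API.
"""

# Constructed HR feed (what an SAP extract might hand over).
HR_RECORDS = [
    {"employeeNumber": "100001", "givenName": "Alice", "sn": "Ng",    "status": "active"},
    {"employeeNumber": "100002", "givenName": "Bob",   "sn": "Ortiz", "status": "active"},
    {"employeeNumber": "100003", "givenName": "Chen",  "sn": "Wu",    "status": "terminated"},
    {"employeeNumber": "100004", "givenName": "Dana",  "sn": "Patel", "status": "active"},
    {"employeeNumber": "100005", "givenName": "Ed",    "sn": "Smith", "status": "terminated"},
]

# Constructed AD contents. employeeNumber is *supposed* to be unique, but:
#   100002 has a leftover disabled duplicate,
#   100003 has no account at all,
#   100004 has two *enabled* accounts (a contractor account never retired).
AD_ENTRIES = [
    {"dn": "CN=Alice Ng,OU=Staff,DC=example,DC=local",          "employeeNumber": "100001", "userAccountControl": 512},
    {"dn": "CN=Bob Ortiz,OU=Staff,DC=example,DC=local",         "employeeNumber": "100002", "userAccountControl": 512},
    {"dn": "CN=Bob Ortiz (old),OU=Leavers,DC=example,DC=local", "employeeNumber": "100002", "userAccountControl": 514},
    {"dn": "CN=Dana Patel,OU=Staff,DC=example,DC=local",        "employeeNumber": "100004", "userAccountControl": 512},
    {"dn": "CN=Dana Patel,OU=Contractors,DC=example,DC=local",  "employeeNumber": "100004", "userAccountControl": 512},
    {"dn": "CN=Ed Smith,OU=Staff,DC=example,DC=local",          "employeeNumber": "100005", "userAccountControl": 512},
]

ADS_UF_ACCOUNTDISABLE = 0x2  # userAccountControl bit: account is disabled


def lookup_ad(employee_number, entries=AD_ENTRIES):
    """Return *every* AD entry carrying this employeeNumber (a list, never a single entry)."""
    return [e for e in entries if e["employeeNumber"] == employee_number]


def reconcile(hr_record, entries=AD_ENTRIES):
    """Decide what the feed should do with one HR record.

    Returns (action, detail):
      ("create",  None)        active employee, no AD account
      ("skip",    None)        terminated employee, no AD account
      ("update",  dn)          exactly one usable account found
      ("disable", dn)          terminated employee with one usable account
      ("review",  [dn, ...])   ambiguous: more than one candidate, hand to a human
    """
    active = hr_record["status"] == "active"
    matches = lookup_ad(hr_record["employeeNumber"], entries)

    if not matches:
        return ("create", None) if active else ("skip", None)

    if len(matches) > 1:
        # Never silently take the first entry. Accept the duplicate only if
        # exactly one account is enabled; otherwise this needs a person.
        enabled = [e for e in matches if not e["userAccountControl"] & ADS_UF_ACCOUNTDISABLE]
        if len(enabled) != 1:
            return ("review", sorted(e["dn"] for e in matches))
        matches = enabled

    return ("update" if active else "disable", matches[0]["dn"])


def run_feed(records=HR_RECORDS, entries=AD_ENTRIES):
    """Mirror an AssemblyLine iterating the feed: one decision per employeeNumber."""
    return {r["employeeNumber"]: reconcile(r, entries) for r in records}


if __name__ == "__main__":
    for emp, (action, detail) in run_feed().items():
        print(emp, action, detail)
```

The important design choice is that "more than one entry" is a first-class outcome with its own branch, and that the automatic tie-break is deliberately narrow (one enabled account). Anything that does not fit that rule is surfaced for review instead of being written back to AD on a guess.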
Internet Enable your Applications using WebSEAL with Active Directory Authentication
Let’s say you have a set of applications you use within your organization that you want to make available for access from the Internet. Let’s further say you want remote users to login using their Active Directory credentials. That way, there is no additional password maintenance to worry about – for users or for support staff.
Sounds great, but can you pull it off without exposing your organization to the countless threats lurking out there on the Internet?
In most cases, this can be achieved with minimal risk to your systems and applications. Furthermore, PathMaker can help you design and deploy a solution, as well as help you analyze your applications and infrastructure for potential vulnerabilities.
Minding your P’s and P’s
It seems that there is a constant barrage of regulations and standards that businesses must comply with. Every quarter there is a new audit: SOX, GLBA, HIPAA, PCI, and the list goes on. Businesses try to accommodate these requirements by adopting a structured governance model, which presents its own requirements and seldom aligns perfectly with the others. Fortunately, there is a common thread woven through all of these business distractions. If managed properly, that thread can be a lifeline that saves much of the time and effort required to meet regulatory requirements. So what is this thread? It's your policies and procedures.
Policies and procedures are the foundation of your business's activities. They are the rules that you play by. They can also make up much of the evidence auditors require to show that you understand, and intend to comply with, whatever regulation or standard is being applied at the moment. Policies are high-level management directives. They are designed to signal to the company's workers that management has made a commitment to something it expects the staff to uphold. Policies are typically general in nature; specifics are usually the domain of the procedure.