What are some important components of IAM policy?

Risk Management Security Strategy & Roadmap

936 views2 Comments

Sort by:

Information Security Analyst5 months ago

I would recommend NIST CSF (Identify, Protect, Detect, and Respond) structure and develop under each piler.
As other members have mentioned below, define Identity stores and types, authentication types (NIST SP 800-63B), encryption requirements, LCM, Logging, etc.

Sr Software Principal engineer (Gen AI and ML Security) in Hardware5 months ago

who - can access (Authentication)
what - actions are allowed in that environment (Authorization)
Audit & Reporting
Administration

Content you might like

I’ve been digging into ways to strengthen Zero Trust on IBM i systems, especially as more orgs shift toward hybrid cloud. I’m curious, how are others approaching threat detection around shadow AI use and supplier exposure in these environments?

I'm looking to go for the Certified CISO certification & training as I'm an aspiring CISO. Any recommendations and additional certifications that I should be doing along with that? I already have CISSP.

How do you manage elevated access for your workforce?

Provision privilege user account separate from regular user account, and expect workforce to use privilege account for elevated access70%

Provision standing privilege\elevated access on the regular user account 30%

Use Just-In-Time (JIT) provisioning to elevate privileges on demand for regular user account26%

View Results

Which of the following does your organization already consume as-a-service, or is planning to do so in the next 12 months?

Security Operation Center (SOC)27%

IT / Network Operation Center (NOC)46%

DevOps45%

Managed cloud services, incl. FinOps (cloud cost optimization)35%

IT & Hardaware procurement25%