Month: February 2007

The “Model-As” Problem

In my last post, I talked about Jeff Bardin’s excellent session about the reality of successfully deploying an enterprise IAM infrastructure. During his session, he touched upon one of the more interesting problems that we see in enterprises today – the “Model-As” problem. Jeff was referring to a practice that is very common in a

RSA Conf. Notes: Looking For Practical Approaches to IAM

I attended a very informative session entitled “Enterprise IAM Challenges – A Practical Approach to RBAC” given by Jeff Bardin, the CISO at Investors Bank and Trust. It was a frank, open account of his experience leading a team on an IAM project that took his previous employer from a failed audit to a successful

RSA Conf. Notes: Talking about Account Reconciliation

I attended a session titled “Delivering Security Integration with Compliance” by IBM’s Stuart McIrvine. During the session, he laid out the various governance frameworks for IdM (SOX, COSO and COBIT among others) and detailed how IBM’s Tivoli family of IdM products could be used to implement them as part of an IdM practice. As he

RSA Conf. Notes: Unfortunate Coincidence or…?

I’m here at the annual RSA Conference, and it is just as busy as every year. Everyone who is anyone in security is here, which is why certain vendors are conspicuous by their absence (talk about reverse marketing), but that’s a different issue. Every year, it seems like one topic is at the top of

My thoughts heading into 2007

It has been a long time since my last post. The fact that it coincided with the holiday season shouldn’t lead you to think that I was enjoying some well deserved time off. It has, in fact, been quite the opposite. Things have been really busy in the identity management group recently, and I have