Hi, I'm David Doy. I am the manager and founder of Open Measure, a wiki for IAM professionals. IAM programs are known for high failure rates, and there is certainly a multitude of reasons for that. But at the end of the day, IAM is hard. And in this short presentation, I will present to you one perspective on IAM that may contribute to making it more successful. So what are the building blocks of a successful IAM program within an organization? Technology, of course. Technology is pervasive, technology is everywhere. Technology provides you the features and capabilities that will sustain your IAM program.
So technology is a building block, but in the IAM field we know for a fact, from more than 20 years of research, that IAM is not a technology. It is not a tool. First and foremost, IAM is a process, or a set of processes. And if you get the right technology but fail to implement the right process, your IAM program will fail. So process is a fundamental building block of any successful IAM program. But what would be your process without people? You need IAM professionals to operate and to manage the process. And people are much larger than just the process agents: they are also your stakeholders.
People are the top management that provide you budget and financing for your IAM program, and people are your stakeholders: HR, IT, your workforce, your customers. So people really is an even more fundamental building block than process for any successful IAM program. But people in silos will not achieve anything. If you have some experience in management, project management or program management, you know for a fact that communication is the critical success factor of every single initiative that you undertake in your organization.
And that is especially true for IAM. Communication is the glue that puts people together and enables them to achieve things. So communication is an even more fundamental building block for a successful IAM program. And what are the building blocks of communication itself? Well, it's concepts and words. Concepts and words are the constituents of any communication, thus using accurate concepts and words is a prerequisite for great communication.
So this simple realization of the importance of having accurate definitions to sustain our IAM communication plans, this simple realization was at the origin of the Open Measure initiative. And the goal of this initiative is to develop a reference dictionary for all IAM professionals to help them communicate on IAM within the industry and with outside stakeholders as well. So what I will do now is that I will show you a few simple dictionary entries extracted from the Open Measure dictionary. My hope is that it'll be informative, that you will learn something.
But my real goal is to convince you of the critical importance of using accurate definitions in the IAM industry. And because most people are better at learning things visually rather than through reading, I will use here a tool that we use in the Open Measure dictionary called conceptual diagrams. And as you will see, conceptual diagrams are diagrams that are used to summarize the key components of a concept. Let's get started. Here's the conceptual diagram that summarizes the orphan account concept. So what is an orphan account?
Well, it is a security risk and sometimes a compliance risk, but it is also a digital identity. In a normal situation, you would have an entity that has active and legitimate ownership over its identity. And here, what characterizes an orphan account is that there is no longer this active and legitimate ownership of the identity by the entity. Orphan accounts can be found in all IAM sub-domains. We often think of the workforce IAM domain, but of course, for example, identity federation is plagued with orphan accounts.
There are a multitude, a number of causes or sources for orphan accounts in an information system. And if you think of orphan accounts as being the byproduct of a failed leaver process, you may be missing something important here, because in fact orphan accounts may pop up from a multitude of circumstances that go far beyond the leaver process.
Well, orphan accounts of course have a number of security consequences, and here I show a few possible countermeasures to mitigate the risks of orphan accounts. What is an identity guardian?
Well, this is an interesting concept because sometimes even IAM professionals don't know what an identity guardian is. So basically an identity guardian is a role played by a person in an identity management system. When we have an identity that is representing a subject or an entity, an identity guardian is a person that has legal authority to act on behalf of the subject. So this is a complementary role to the subject role within an identity management system. And it may be extremely important if you have minors, or adults under legal guardianship, or persons who grant power of attorney.
These are circumstances where the identity management system requires, as a functional requirement and sometimes as a legal requirement, support for the identity guardian role. So what is an information security domain?
Well, this is an interesting concept because it is often confused with the Microsoft Active Directory domain, and an information security domain is a much more general concept that has been defined in computer science. It is a specialized system. The key components of an information security domain are entities that may perform operations on resources. That's a basic IT system. We need also the presence of authorities that issue policies that prescribe authorizations, telling what entities can do on these resources. But more importantly, because this would be just a basic IT system,
an information security domain is characterized by the fact that the entities and the authorities together form a community of interest. And this is really a keyword. Also, an information security domain is a system that is bounded, and that is quant.
In fact, within your organization there may be a multitude of information security domains and sub-domains, and so on and so forth. What is an account takeover?
Well, an account takeover is one particular subclass of identity theft, which is a more general term. An account takeover is generally illegal. It is committed by a perpetrator that is distinct from a victim. The victim owns an identity, so the victim has authorization to control the identity, but in the context of an account takeover the perpetrator takes control of the identity.
Thus the victim loses control of the identity, and the perpetrator may have different motivations: money, reputation, or identity deception. So what is an insider? An insider, obviously, is not an outsider. It is an entity that is often a person. Consider your extended organization: your organization with its suppliers, business partners, vendors, contractors, former employees, whomever.
If we consider this, your extended organization, an insider is defined as an entity that has knowledge and trust and maybe capabilities related to this extended organization, and thus the insider poses the insider threat, because it may damage your organization. In general, we distinguish two subclasses of insiders, the unprivileged insider and the privileged insider, because the privileged insiders have more capabilities to cause damage to the organization. So here is the conceptual diagram that summarizes what the login ID is.
Basically, it is an identity attribute and more particularly a unique identifier. When we have an entity that makes a claim in relation to an identity, then the claim references a login ID that uniquely identifies the identity within an information security domain. That's the fundamental definition of login ID, but there is a lot of confusion. People tend to confuse login ID with other similar but distinct identity attributes, such as identity system ID, profile display names, entity names, emails, and so on and so forth. So these are really distinct identity attributes.
We are not going to go into all the details here. We see a number of naming conventions that may be used for login IDs, and some particularities, such as, for example, the immutability of login IDs in certain legacy systems. So here is the conceptual diagram summarizing what a privilege abuse is. So a privilege abuse is a subclass of a more generic concept called the insider threat. It consists in an abusive usage of effective access permissions.
And this is very interesting because it really depicts a situation where the entity was granted those access permissions but abuses these. A privilege abuse is intentional, and when we have accidental issues with access permissions, it is not named a privilege abuse. Motivations for abusive usage of effective access permissions are very often fun and curiosity, surprisingly, and of course also financial gains and other motivations. We subdivide privilege abuses into two subcategories, excessive privilege abuse and legitimate privilege abuse.
And basically the difference between the two is compliance with the need-to-know principle. If the need-to-know principle was complied with, we will talk about legitimate privilege abuse, while if the need-to-know principle was not complied with and we were granting too many access permissions to the entity, then we would talk about excessive privilege abuse. And here we can see a number of possible countermeasures for the privilege abuse risk. What is a password spraying attack?
Well, it is a subclass of a more general class of attacks called brute force attacks. It is used by threat actors who will compile a database of probable passwords that may be either common passwords or passwords built from public information that is related to the target user population. The threat actor uses a rotation scheme that reuses this database of passwords to guess the passwords of identities and attempt authentication with these identities.
Of course, it is related to systems that use passwords as an authentication factor. Obviously, password spraying attacks are more effective when the user population is large, because the assumption is that among this large population there will be a number of identities that have weak passwords. A password spraying attack may be used both during initial exploitation or for lateral movement. And there are a number of countermeasures that may mitigate the risk of password spraying attacks. And here is yet another example of a conceptual diagram extracted from the dictionary.
It depicts the credential harvesting attack concept, but I think you've got the general point. I believe that these conceptual diagrams, while not perfect of course, may be an interesting tool to teach identity and access management to both IAM professionals and to people outside the industry.
So the next question is: how much does it cost to purchase the dictionary? And the good news for you is that it is perpetually free. The dictionary is owned by the Open Measure non-profit association, and all the material that is being produced is under a Creative Commons license, which means that you can, with total freedom, use it and reuse it. So what's next?
Well, the dictionary is online, so just use it, be a user of the dictionary. But writing a reference dictionary of high quality for the IAM industry is a gigantic task and we need contributors. So we need authors to write new dictionary entries, and we need reviewers to reread, comment on and critique the dictionary entries that we publish. So if you are interested in contributing, you would be warmly welcome. Just reach out to us. We also have a Slack workspace where people may have lively conversations on this.
And finally, the development and publication of this dictionary involves a number of costs, so we are also looking for patrons to donate some money to the project. I hope that this short presentation was informative and useful. I hope that you will find some value in this work that we are doing for the IAM community, and do not hesitate to reach out to me if you have any questions. Goodbye.
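As an added example, not from the talk or the Open Measure dictionary, the following detection heuristic captures the password spraying shape the talk describes (one source rotating a small password list across many identities) and separates it from single-account brute force; the log format and the sample lines are constructed for this illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed simplified format:
# <ISO timestamp> <source_ip> <username> <FAIL|SUCCESS>
SAMPLE_LOG = """\
2024-03-01T09:00:01 203.0.113.7 alice FAIL
2024-03-01T09:00:02 203.0.113.7 bob FAIL
2024-03-01T09:00:03 203.0.113.7 carol FAIL
2024-03-01T09:00:04 203.0.113.7 dave FAIL
2024-03-01T09:00:05 203.0.113.7 erin FAIL
2024-03-01T09:00:06 203.0.113.7 frank SUCCESS
2024-03-01T09:01:00 198.51.100.9 alice FAIL
2024-03-01T09:01:01 198.51.100.9 alice FAIL
2024-03-01T09:01:02 198.51.100.9 alice FAIL
2024-03-01T09:01:03 198.51.100.9 alice FAIL
2024-03-01T10:30:00 192.0.2.44 bob FAIL
"""

def parse(log):
    """Yield (timestamp, source_ip, username, result) for each line."""
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def detect_spraying(log, window=timedelta(minutes=10),
                    min_accounts=5, max_per_account=3):
    """Return {source_ip: sorted accounts} for sources whose failures in
    some time window touch at least min_accounts distinct accounts while
    no single account receives more than max_per_account failures.
    A source hammering one account is brute force, not spraying."""
    fails = defaultdict(list)
    for ts, ip, user, result in parse(log):
        if result == "FAIL":
            fails[ip].append((ts, user))
    alerts = {}
    for ip, events in fails.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # advance the window start until the span fits in the window
            while events[end][0] - events[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in events[start:end + 1]:
                per_user[user] += 1
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                alerts[ip] = sorted(per_user)
                break
    return alerts
```

Tune window, min_accounts and max_per_account to the size of the user population the talk mentions; a slow rotation over days needs a wider window than the ten minutes used here.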