Describe the Report for Information Security Management of the Case Study of Healthscope.
This report describes a framework known as Identity and Access Management (IAM), which facilitates the management of electronic identities in the business processes of Healthscope. Healthscope is an Australian company that uses IAM technologies to improve its management system over the traditional one. The aim is to build a secure and user-friendly project. The report gives a detailed description of IAM and its application in organizational practices. It also covers the importance of IAM in Healthscope and the different ways in which the practices can be developed.
Description of IAM
Identity and access management systems are regarded as a critical foundation for realizing business profit in terms of savings, management control, electronic growth in e-commerce and managerial control (Leandro et al. 2012). Across internal and external applications, organizations need to manage data scattered throughout their systems; IAM technologies help the organization create a balanced business strategy in order to achieve the objective initially set for the company. Lonea, Tianfield and Popescu (2013) stated that IAM technology implementations comprise four major categories: authentication, authorization, user management and central user repository. In IAM, identity management and access management are complementary to each other. IAM is used to provide appropriate access to authenticated persons in order to reduce the risks occurring within the organization.
The goals of an organization can be implemented securely with the help of IAM technology (Nida, Dhiman & Hussain 2014). A correctly performing IAM function does not compromise the security of sensitive information. The four categories are discussed below:
Authentication: This area covers authentication management and session management. It is the module through which users provide sufficient credentials to gain an initial level of access to a particular resource (Lonea, Tianfield & Popescu 2013). Proper implementation of IAM in different organizations reduces the scope of risk considerably. Authentication establishes a secure connection between the user and the application system. The authentication system generally uses a user identity and a password to log in to a particular web page. The IAM framework helps different organizations govern their overall system.
Authorization: Authorization analyses the resource management system of a particular organization (Uddin & Preston 2016). As Healthscope is one of the leading health care organizations in Australia, authorization is an important factor to consider when implementing IAM technology within the system. It generally plays a vital role in access control in terms of complex management, access channels, resource data, etc. In web-based applications it is activated in the form of a URL.
User management: This is a management system that comprises user and password management (Lonea, Tianfield & Popescu 2013). It also maintains privileges and the different user identities to improve the accuracy of the system and the integrated data. Friedman and Wagoner (2015) stated that the user management system applies proper updates and maintenance of data, with delegation, as circumstances change over time. An integrated workflow capability model is required to approve the user actions that take place within the user management system.
Central user repository: This is a kind of database storage system that can store and retrieve information regarding the organization (Friedman & Wagoner 2015). It represents an aggregation or logical view of the identities of different organizations and generally comes with a two-way data synchronization system. In the central user repository the database used is virtual, but its content is relevant to the real-time management system.
Figure 1: Identity access management
(Source: Friedman & Wagoner 2015, pp-50)
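The four categories described above, shown working together as an added example that is not part of the original report. The user names, role names, URL prefixes and the rule that nobody may approve their own request are assumptions made for illustration.

```python
import hashlib, hmac, os, secrets

class Repository:
    """Central user repository: one logical view of every identity."""
    def __init__(self):
        self.users = {}     # username -> {"salt", "hash", "roles"}
        self.sessions = {}  # session token -> username
        self.pending = {}   # request id -> (username, role) awaiting approval

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def create_user(repo, username, password):
    salt = os.urandom(16)
    repo.users[username] = {"salt": salt, "hash": _hash(password, salt), "roles": set()}

def request_role(repo, username, role):
    """User management: a privilege change is queued, not applied."""
    req_id = secrets.token_hex(4)
    repo.pending[req_id] = (username, role)
    return req_id

def approve(repo, req_id, approver):
    """Workflow step (assumed rule): the requester cannot approve the change."""
    username, role = repo.pending[req_id]
    if approver == username:
        return False
    del repo.pending[req_id]
    repo.users[username]["roles"].add(role)
    return True

def login(repo, username, password):
    """Authentication: check the credentials, then open a session."""
    user = repo.users.get(username)
    if user is None or not hmac.compare_digest(user["hash"], _hash(password, user["salt"])):
        return None
    token = secrets.token_urlsafe(32)
    repo.sessions[token] = username
    return token

# Authorization policy keyed by URL prefix (constructed sample paths and roles).
URL_POLICY = {"/pathology/": "pathology", "/records/": "clinician"}

def authorize(repo, token, url):
    """Authorization: deny by default; the session's roles must cover the URL."""
    roles = repo.users[repo.sessions[token]]["roles"] if token in repo.sessions else set()
    return any(url.startswith(p) and r in roles for p, r in URL_POLICY.items())
```

A role only takes effect after a second person approves it, and any URL without a matching policy entry is refused.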
Importance of IAM
The IT security management team and the security managers play a vital role in the organization. The Chief Information Security Officer (CISO) asked for a report to be prepared on the IAM technology implemented in the Healthscope health care organization. Comparisons among products, people and processes are managed with the help of the IAM system (Rittinghouse & Ransome 2016). The technology is implemented in different organizations to prepare and control the proper functionality needed to enhance the profitability and security of the organization. Apart from this, IAM technology is implemented because of several important factors. The importance of IAM is as follows:
Security improvement: IAM technology can improve the security system and can cut down costs (Leandro et al. 2012). The hidden complexity of IT-based security management systems is increasing every day, and the number of people accessing the system at the same time is growing. To reduce this complexity, the organization is incorporating a cloud platform into its traditional system.
Task-based approach: Healthscope is a health care organization that operates different private hospitals and medical centers and also provides pathology services (Nida, Dhiman & Hussain 2014); the task-based approach is therefore one of the important factors implemented by IAM technology services. As many employees work for the company, information-based privacy is a remedy for the overall information security system.
Single campus: IAM technology is implemented in Healthscope because it provides the facility of single-campus utilization. Over 17,000 employees work for the company, and the same key or tools are accessed by more than one employee at the same time (Cowles et al. 2014). A single-campus system will therefore help the organization reduce the level of complexity. It is a system of independent authority.
Multiple campuses: If any information of the organization is transferred to multiple organizations at a time, efficiency and program benefits can be achieved. In addition, regulatory compliance issues can be solved by implementing IAM solutions (Alotaibi & Wald 2012). Password-related problems and corporate network problems can also be solved by implementing an IAM solution.
Development of IAM in Healthscope
Several information security issues are occurring in the Healthscope health care organization; to mitigate them, the introduction of IT in the form of an identity and access management (IAM) system is required (Friedman & Wagoner 2015). In the enterprise context, IAM is a five-layered architecture. The fifth and last layer consists of an endpoint-based access control system, and the fourth layer consists of a web-tier access control system. The second and third layers are, respectively, identity credential access control governance, and audit and access integration. The first layer is the audit and compliance layer.
To develop IAM technology in Healthscope, these steps need to be implemented in an organized manner. Appropriate implementation of the technology reduces the level of difficulty (Chadwick et al. 2014). The development of the IAM architecture is a top-down approach. The process encompasses different functionalities such as corporate governance, enterprise risk management, etc. The second layer deals with identity credentials and data integration. According to Cowles et al. (2014), a feasibility study is required before the architecture is implemented within the organization, so that the management can understand whether the technology is commercially fruitful or not. The third and second layers are used for digital certification for authentication of the system; apart from this, they also enable the web applications to be more active and corporate.
The developed IAM-based architecture therefore implies that the system is completely secured and that data integrity is also functionally active. Additionally, third-party vendors have been identified as the weak link in certain recent security breaches (Rittinghouse & Ransome 2016). The developed system helps to keep the system secure. Safeguarding enterprise systems and data security can help the organization achieve its business goals.
Recommendations regarding recent IAM technologies
IAM technology is beneficial for organizations, but some risk factors are still associated with it (Friedman & Wagoner 2015). Therefore, from the position of security manager of the Healthscope health care center, certain recommendations are provided to the company. These are as follows:
Planning: Appropriate planning should be done before the implementation of the project, so that the IAM framework can reach the entire business target.
Participation: Cloud technology development: SaaS and PaaS should be incorporated properly so that the company gets more benefits from the commercial marketplace (Uddin & Preston 2016).
Expert employees: As the company is implementing cloud service technology, an expert team with sufficient knowledge of the cloud is required.
From the overall discussion it can be concluded that Healthscope, a health care organization, has implemented IAM (Identity and Access Management) technology in order to reduce IT-related risks. Apart from this, information security threats can also be removed. The report illustrated the importance of IAM technology in the organizational context and the development practices of the technology. Additionally, from the position of security manager of the company, certain recommendations are provided to the company.
References
Alotaibi, S.J. & Wald, M. 2012, June. Security, user experience, acceptability attributes for the integration of physical and virtual identity access management systems. In Information Society (i-Society), 2012 International Conference on (pp. 277-282). IEEE.
Chadwick, D.W., Siu, K., Lee, C., Fouillat, Y. & Germonville, D. 2014, Adding federated identity management to OpenStack. Journal of Grid Computing, 12(1), pp. 3-27.
Cowles, R., Jackson, C., Welch, V. & Cholia, S. 2014, March. A Model for Identity Management in Future Scientific Collaboratories. In International Symposium on Grids and Clouds (ISGC).
Fremantle, P., Aziz, B., Kopecký, J. & Scott, P. 2014, September. Federated identity and access management for the internet of things. In Secure Internet of Things (SIoT), 2014 International Workshop on (pp. 10-17). IEEE.
Friedman, A.R. & Wagoner, L.D. 2015, The Need for Digital Identity in Cyberspace Operations. Warfare, 14, pp. 42-52.
Hu, V.C., Kuhn, D.R. & Ferraiolo, D.F. 2015, Attribute-Based Access Control. IEEE Computer, 48(2), pp. 85-88.
Leandro, M.A., Nascimento, T.J., dos Santos, D.R., Westphall, C.M. & Westphall, C.B. 2012, Multi-tenancy authorization system with federated identity for cloud-based environments using Shibboleth. In Proceedings of the Eleventh International Conference on Networks (pp. 88-93).
Lonea, A.M., Tianfield, H. & Popescu, D.E. 2013, Identity management for cloud computing. In New concepts and applications in soft computing (pp. 175-199). Springer Berlin Heidelberg.
Nida, P., Dhiman, H. & Hussain, S. 2014, A survey on identity and access management in cloud computing. Int. J. Eng. Res. Technol, 3(4).
Richthammer, C., Kunz, M., Sänger, J., Hummer, M. & Pernul, G. 2015, Dynamic Trust-based Recertifications in Identity and Access Management.
Rittinghouse, J.W. & Ransome, J.F. 2016, Cloud computing: implementation, management, and security. CRC Press.
Uddin, M. & Preston, D. 2016, Systematic Review of Identity Access Management in Information Security, viewed 18 August 2016.