1 / 9

Once upon a time…

Once upon a time…. Identity management issues were seen as tactical business process matters that could be dealt with easily through “simple” technology solutions Campus-wide identity management policy questions were rare and, if raised, were dealt with locally

barid
Download Presentation

Once upon a time…

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Once upon a time… • Identity management issues were seen as tactical business process matters that could be dealt with easily through “simple” technology solutions • Campus-wide identity management policy questions were rare and, if raised, were dealt with locally • Does anyone remember the ID Card Committee? • Then, one dark and stormy night (just kidding), talk turned to integration of services, collaboration tools, “e-everything,” service oriented architecture and enterprise this and enterprise that…

  2. …and then the questions started: “how do we provide secure access to this service? how do we know that they are who they say they are? how can this new technology protect privacy rights? and finally, who is responsible for making these decisions?” In response, IMLG was launched. It was 2004.

  3. IMLGOriginal Charge • Define IdM process roles and responsibilities for obtaining access to information and services • Establish criteria about how decisions are made • Coordinate and negotiate access to information and services • Seek efficiencies, especially in the area of eliminating duplicative cards for ID and security purposes

  4. New Provosts, New CIO, then interim CIO, New Director of DoIT, New Chancellor, New Deans, Interim Registrar, New HR Director, New Enterprise Systems… Change happens Impacts • Update IMLG Charter and Membership • Define role of IMLG in support of CIO strategic plan • Define role of IMLG in IT policy • Define role of IMLG in support of campus information security • Charter working group to recommend governance and process issues around new affiliations (ARG) • Establish policy to define sensitive data • Establish (define) a data stewards group

  5. Despite the chaos, we did make progress… • New UDS Appropriate Use Policy • Template for assigning Net IDs to new affiliations • Combined ID/Access cards • Campus awarded InCommon membership • Created definition for sensitive data and endorsed the policy on encryption of sensitive data • Restricted data security standards defined • Agreed to become steering committee for the Madison portion of the UW System IAM initiative • Established technical subcommittees (ID card, NetID policy, affiliation review group….)

  6. What “influences” IMLG policy discussions? • Laws and institutional policy (state and federal laws, UW System rules, faculty rules and regulations, etc.) • Enterprise systems (IAM, HRS, ISIS, etc.) • UW-Madison campus projects and systems owned by schools, colleges and administrative units (APR, business process review, emerging technologies, departmental systems

  7. April 29, 2010 Identity Management Policy-Related Influences Laws and institutional policy (state and federal laws, policy etc.) IMLG UW Campus projects and systems owned by Schools and Colleges (APR, business process review, emerging technologies, departmental systems) Enterprise systems that influence policy (IAM, HRS, ISIS, etc.)

  8. What’s next? • Focus on Security Standards as they relate to Identity Management • Focus on Stewardship • What do we need in terms of policy guidance?

  9. Safeguarding the Information Entrusted to Us Data Governance and Management (Data Stewardship) Policy and Law Individual Education Services College, School and Unit Institution Tools Communication/ Collaboration Accountability Assessment and Audit

More Related