I read two interesting articles on different topics today and wanted to comment on both.
The first article is simply called "Identity Management" and appears on the Nextgov website. This was a very nice high level introduction to what happens in Identity Management. Just when you get to the point of "I've heard all of this before," it turns around and goes into a quick discussion of US Government requirements for Identity Management technology, particularly in light of Homeland Security Presidential Directive-12, which sets Identity and Access Management standards in the Executive branch of US Government. There are those who feel that this level of security is an excellent blueprint or at least inspiration for how private sector security should be executed.
The second article comes courtesy of the perspectives in the United Kingdom. In the article "Treat data like cash and the leaks will cease" the author, John Higgins makes a point that I think is long overdue. We do not put the same emphasis on data, particularly Identity data that we put on other parts of business and day to day transactions. It's such a basic observation in our field, and one I'm surprised has not been made before. Given recent lapses maybe it is time we started looking at how we treat data a little more carefully. I think it can put legislation like SOX in a whole new light. It might also be something to make us think again about how we make our business case for Identity Management and GRC solutions in the Private Sector.
No comments:
Post a Comment